ALERT: Your Business Needs to Take the Log4j Extremely Seriously
You’ve probably already heard about Log4j this week. Maybe you don’t recognize the name, but it’s likely that you have run across emails or news articles talking about this widespread vulnerability. You need to take it very seriously.
What is Log4j?
When developing software, developers utilize different programming languages. One of these languages is called Java, and in Java, developers have multiple libraries to work with. Log4j is one of those libraries, and it has recently been uncovered that there is a huge vulnerability that cybercriminals can exploit to gain access to your systems and data. It’s a huge open door that has been there for years, and now that the world knows about it, it is just a matter of time before it is being used to do damage.
This particular Java library has been used a lot over the years. The vulnerability impacts some pretty big names in software and cloud hosting, such as:
…as well as others, large and small. Even the United States’ Cybersecurity and Infrastructure Security Agency (CISA) is affected.
Is My Business Impacted by Log4j?
It’s almost certain that it is. We can’t stress enough that this is a big issue, and that major tech companies are scrambling to put out patches. It doesn’t just affect the folks at Amazon and Microsoft, it affects those that use their products as well.
What You Can Do to Fight Back Against Log4j
One of the scary things about this vulnerability is that most businesses are at the mercy of their vendors to patch it, and some experts think it will take years before this vulnerability is totally removed from the world. Fortunately, as we mentioned earlier, the big names in tech are scrambling to get a patch out the door, and many, if not most, already have.
However, it also falls on the impacted webmasters and businesses to apply the patches that these developers put out. Beyond that, it is critical that you as an individual remain vigilant in your cybersecurity hygiene. That goes double for your business.
For example, let’s assume for a moment that you’re a user on a fantasy football league website. If that website relies on technology that Log4j impacts and they don’t apply the fixes, the information you’ve provided to the website—account details, financial information, and whatever else—would be vulnerable and easy to steal.
This applies to every website or application that uses this technology; if they don't react, your account with them is not very safe.
The problem is, as a user, you can’t really tell if a website or piece of software is using this particular Java library. In other words:
Everything just potentially got a little more dangerous, when it comes to cybersecurity. It’s up to everyone to work harder to protect themselves.
How to Protect Yourself from Log4j, as an Individual and a Business
It’s critical to use strong password hygiene. “Password123” isn’t going to cut it. Using the same passwords across multiple accounts needs to stop, immediately. This involves following the basic password best practices that we always talk about, like:
- Using a unique password for each account and website
- Using a mix of alphanumeric characters and symbols
- Using a sufficiently complex passcode to help with memorability without shorting your security
- Keeping passwords to yourself
Audit your IT IMMEDIATELY
All organizations need to bring in a professional to audit all of their technology and update what can be updated to remove the influence of Log4j. Not only will this help protect your business and your employees, it will also protect the interests of your clients and customers.
We recommend that you give Directive a call at 607.433.2200 to schedule an appointment. This is extremely important, and you need a professional set of eyes to audit your IT to make sure you aren’t affected by this awful vulnerability.