I sent the following bulletin to my mailing list, but I thought I’d include it here as well:
Google and Microsoft have been in the news lately over the latest cyberattack from China. This one involves an exploit found in Internet Explorer versions all of them. (full report: Microsoft Security Advisory (979352) – Vulnerability in Internet Explorer Could Allow Remote Code Execution)
China’s been cyberattacking the world ever since it was just a little cyber. The primary focus until recently has been on military and government systems, or those with potentially sensitive information from a national security standpoint. This latest attack, Operation Aurora, differed in that it was aimed at business instead of government (Google and at least 30 other companies).
What does this mean for you? Well, first off, it’s a good argument to change web browsers to Firefox. While you’re at it, install a copy of NoScript. Minimally, you should update your Internet Explorer to the latest version (8) and keep it up to date so all the latest security patches are made.
Ultimately, it’s a good time to remember the basics. David posted an article on Thunderpaw, but here are the points:
- Change passwords regularly and use strong passwords.
- Change all important system passwords when employees leave.
- Backup backup backup. Store backups in multiple locations. Offsite if possible.
- If it’s important to your business, treat it as important! This may mean not making it available on the Internet at all, or even the LAN or WAN.
- Let your IT people upgrade Internet Explorer. If you’re still using IE6 for business then you don’t care about your business. (or switch to an alternative browser)
- Hire professional IT people, and trust them.
- Let your IT professionals know of “odd” behavior. Sometimes it points to security issues that need to be addressed.
Take a deep breath and exhale slowly.