Do I need to do anything about Log4J? Advice for small business owners

At Kloudwerk, our services are built on people. We offer a cyber expert to build a relationship with your IFA firm on a one hour, monthly basis. This way, we can assess the holistic cyber security risks which face your firm.


You’ve probably heard about Log4J, but what is it and, as a business owner, do you need to act?

Every few years or so, a critical security weakness takes the world by storm. The previous one you may have heard of was dubbed ‘WannaCry’. It took the NHS down, as well as thousands of UK and global businesses. Log4J (also known as Log4Shell) is one of those critical security weaknesses, and it impacts a significant number of the internet’s websites, services and infrastructure. In this article we will skip the technical details and jump to why it’s important to act, and what actions you can take.

Why is Log4J critical?
Critical security weaknesses such as Log4J and WannaCry have a few things in common:
1. They are trivial for cyber criminals to take advantage of; no sophisticated tools or expert knowledge is needed. 
2. They can be exploited without said criminals needing any type of permissions such as an administrator account on your website. 
3. The impact of an exploitation can be extremely high.

“Log4J is akin to someone figuring out that mailing a letter into your postbox, with a specific address written on it, allows them to open all your doors in your house.”

What impact could it have upon your business? 
If your business runs a website, an online service or provides digital products, you may need to act. By not acting, you could be leaving your digital business open to exploitation by cyber criminals. For example, they could exploit your website and point your customers to malicious websites. Or they could take your digital business offline and ask you for a ransom. Log4J is already being exploited, and there is evidence that it was being exploited a full week before the critical weakness was even made public.

The US Federal Trade Commission have even suggested US firms could face legal repercussions if they do not act to secure customer data against the Log4J weakness. 

What to do about it?
If you have ascertained that there could be an impact on your business, ask your website provider, IT provider and suppliers what they are doing about Log4J. You can check your own website by using a free Log4J test provided by the ethical security research community. You simply copy and paste the generated characters into a text field on a website you own, such as an enquiry form box, a search field or a login box (for example, the username field). You can then use the link provided by the test site to see if your website is impacted. If it is impacted, get in touch with your website provider or a security firm to seek guidance. It may have already been compromised.

If the above tool is too technical, Kloudwerk’s free website security check includes a test for Log4J. Simply fill out the form and we will get back to you within 48 hours, advising if there are any serious problems with your site and what to do about it.

For a list of questions to ask your website provider or any technology suppliers, you can create a free account with SecurityScorecard and send up to 5 questionnaires using their Atlas questionnaire tool. Ultimately, any impacted websites, services or providers need to update the systems that use Log4J to version 2.17.0 in order to patch the critical weakness which exists in earlier versions. More info can be found on the Apache Log4J site here.
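For whoever looks after your servers, here is one way to check a folder of Java applications for copies of Log4J older than 2.17.0. It is an added example, not a Kloudwerk or Apache tool. It assumes each copy carries the standard `pom.properties` file that log4j-core 2.x jars ship with, and it also looks inside archives packed within other archives (for example a jar inside a `.war`).

```python
import io
import os
import zipfile

# Maven metadata file carried inside a log4j-core 2.x jar (assumed present).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 17, 0)  # the version the article says to update to
ARCHIVES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """Return the version= value from pom.properties as a tuple of ints."""
    for line in text.splitlines():
        if line.startswith("version="):
            digits = line.split("=", 1)[1].strip().split("-")[0]
            return tuple(int(p) for p in digits.split(".") if p.isdigit())
    return None


def scan_archive(data, label, findings):
    """Look inside one archive (as bytes), descending into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive, skip it
    with zf:
        for name in zf.namelist():
            if name == POM:
                version = parse_version(zf.read(name).decode("utf-8", "replace"))
                if version and version < FIXED:
                    findings.append((label, ".".join(map(str, version))))
            elif name.lower().endswith(ARCHIVES):
                scan_archive(zf.read(name), label + "!" + name, findings)


def scan_tree(root):
    """Walk a directory and return (location, version) for outdated copies."""
    findings = []
    for folder, _, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVES):
                path = os.path.join(folder, fname)
                with open(path, "rb") as fh:
                    scan_archive(fh.read(), path, findings)
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for location, version in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"log4j-core {version} (older than 2.17.0): {location}")
```

An empty result only means no outdated copy was found in that folder; copies that have been renamed and stripped of their metadata will not show up, so still ask your provider to confirm.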

If you don’t already have a technical expert you can refer to, Kloudwerk would be happy to help you ascertain if you need to act, and guide you through the process. If you think your business may have already been impacted by this, ensure you get in touch with us or another expert. 

Kloudwerk works with you to help you keep the cyber criminals out. We offer affordable cyber security consultancy packages for business customers. Please visit our Cyber Consultancy page for more information.


