How to Avoid Putting Your Company at Risk of a Security Breach: What Meltdown and Spectre Vulnerabilities Are and How to Prevent Them Last summer, researchers at Google discovered two major security flaws that affect nearly every computer and cell phone device manufactured in the last 20 years — Meltdown and Spectre. These security vulnerabilities are extremely clever because they access highly protected information on computers and cell phone devices, making them potentially catastrophic for you and your organization. Fortunately, there are ways you can protect your business from being the victim of these dangerous security breaches. However, you need to understand what these malicious vulnerabilities are and how they sneak into your protected and confidential information. Meltdown Meltdown attacks by accessing private information when a user visits a website. This confidential information includes your Wi-Fi password, other login passwords, photos, emails, messages and confidential business documents that are stored in your system’s main memory (RAM). A user with a vulnerable processor, which runs on an unpatched or an outdated operating system, is more susceptible to a Meltdown attack. More specifically, desktops, laptops and Cloud computers that use an outdated or an unpatched system, are all at risk of a Meltdown attack. Spectre Although Meltdown and Spectre are very similar, Spectre is considered more catastrophic because it is harder to detect and mitigate. Spectre can read your system’s memory from any program. In particular, Spectre can attack nearly every personal computer, server and smartphone because of its modern fundamental design processors. Spectre has the capability of tricking your system memory into accessing arbitrary locations on your software. It can even access your banking information by retrieving your password when you log in to your bank account. Although Meltdown and Spectre are tough security breaches to prevent, software developers have come up with security features to help fight these malicious programs from accessing your private data. Ways to protect computers Your business’ confidential information is often stored on company computers, so securing these devices should be a priority. According to Tech Rader, “Windows PCs are likely to be hit hardest by Meltdown and Spectre, regardless if they run on Intel or AMD processors.” Windows responded to this statistic by releasing a security update, which aims to protect users against attacks. The update is available for Windows 10 and previous versions as well. You can check if your Windows PC or laptop is up to date by searching “windows update” in the taskbar and select “check for updates.” There is also a security update for Mac users. Apple has released several updates that target Meltdown and Spectre on the MacOS 10.13.2. You can access your updates on Mac by searching the App Store and looking for macOS and OS X software updates. Ways to protect smartphones In January, Google released a new update that includes patches to help protect smartphones from malware such as Meltdown and Spectre. The best way to ensure your devices have the latest security features is to regularly check for new software updates and implement them as soon as possible. You can access your updates by opening the “settings” application on your android smartphone and go to “system” to check if there are any outstanding updates that need to be made. Apple also released a security update for iPhones and iPads to patch the Meltdown and Spectre issues, which were initiated in iOS 11.2. To access your updates, go to “settings,” then click on “general” and then “software update” to see if your device has the latest update installed. Although Meltdown and Spectre can be extremely dangerous, you can install the latest software updates and patches to ensure you and your organization are safe from these malicious programs. Next time your device is asking permission to install an update, don’t delay. Instead, install those trusted software updates as soon as possible to prevent malicious programs from sneaking into your systems. Sources: https://www.techradar.com/how-to/how-to-protect-against-the-meltdown-and-spectre-cpu-security-flaws https://www.csoonline.com/article/3247868/vulnerabilities/spectre-and-meltdown-explained-what-they-are-how-they-work-whats-at-risk.html https://meltdownattack.com/ https://www.techrepublic.com/article/spectre-and-meltdown-cheat-sheet/ https://support.apple.com/en-us/HT208394 https://www.techopedia.com/definition/24537/patch https://www.youtube.com/watch?v=bs0xswK0eZk https://www.youtube.com/watch?v=syAdX44pokE Jack Schroeder Jack Schroeder is the Vice President of IT for Aureon. Schroeder is responsible for the strategic, operational and financial performance for Aureon IT. He provides leadership for the continued development of an innovative, robust, and secure information technology environment throughout Aureon. Schroeder has extensive experience in computers and system integration, as well as development and implementation of comprehensive strategic technology initiatives. He has held IT leadership positions at Scientific Games International Inc., Iowa Lottery Authority, and Mediacom Communications.