Everyone is talking about the security threats Meltdown and Spectre. Now I am too.
What do these processor vulnerabilities mean for you as a small business owner? Do you need to replace everything and buy new software? Will your computer suddenly be really slow or bricked? My short term answers are: Everything and nothing. No. I hope not. The long term answers and the effects remain to be seen.
Don’t get me wrong, they are serious issues and it’s important to mitigate the risks while more permanent fixes trickle down the technology chain.
Don’t freak out
The fear-mongering click-bait headlines drive me nuts. Yes this is a very important threat to technology that has huge implications throughout the industry, especially as it’s (from what I’ve read) impossible to tell if you’ve been exploited! However, as a small business owner you have enough to be worried about. As long as you don’t go bury your head in the sand and take good faith actions to keep your technology secure and updated, I wouldn’t worry. Yet.
When a big story like this makes it into the mainstream media, go beyond the first story you read. Check a few sources to gain a better picture of what’s going on.
While you don’t have to understand every technical detail, it is a good idea to subscribe to update notifications of the companies behind the technology you use. If they don’t obviously have a way to automatically learn about changes, contact them. If they don’t respond saying “we release this information to our customers/the public here”, I suggest looking for a different solution! Openness and trust are important!
What should you do if you receive an email from a tech company that seems important but you can’t make heads or tails of it? Let me know and I’ll help you figure it out.
If you want to geek out over security, I suggest signing up for CERT Vulnerability alerts.
Backup first! Patch! Run updates! Make sure the hardware and software you use is being maintained. Check company websites and send a query to the manufacturer if you are unsure.
As an example, if a WordPress plugin you use hasn’t released an update in over a year, find out why. There’s a high probability it’s not being maintained. It’s best if you find a new solution sooner than later. While WordPress plugins are not directly related to these issues, it’s a good practice across all your technology.
- Spectre/Meltdown this is a very good general resource.
- CERT Vulnerability Alert for Spectre/Meltdown
- Today’s CPU vulnerability: what you need to know from Google Online Security Blog
- Meltdown and Spectre: Security is a Systems Property
- xkcd on Spectre/Meltdown 😉