Millions of internet users choose Internet Explorer as their web browser. Often issued as standard with Microsoft computers and laptops, it may not have all the bells and whistles of Chrome and Firefox, but it’s still a popular choice.
However, a recent security issue rendered one version of Internet Explorer a security risk to the Department of Labour when it gave hackers the chance to embed malware within a Department of Labour web page. Any employees using the site with Internet Explorer were susceptible to the so-called ‘Poison Ivy’ Trojan, which additionally allowed more malware onto the site.
As soon as the issue became apparent, Microsoft reported that they were working ‘around the clock’ to rectify the issue. Those who used Internet Explorer 8 were asked to install a quick fix-it patch while a long-term solution to the problem was researched.
The bug in question has also been known to be used against the defence, aerospace and security industries. It is as yet unclear who the hackers were or where they were, but it has been suggested that they were working for foreign governments.
Learning from example
The hacking of such a prominent IT company is food for thought for any business owner, regardless of whether that business is big or small. Taking extra precautions against malware and hackers is essential.
In order to adequately protect themselves from hacking attempts and viruses, employees and private users of computers and computing software should:
- Always make sure sites which are visited are reputable, and any ecommerce sites should display trust signs such as a VeriSign certificate.
- Run a daily anti-malware check. Malware and viruses can sneak in through websites, downloads or emails, so a frequent scan is essential.
- Ensure you use good passwords. Try not to use the same passwords for multiple sites, and use a mixture of lower and upper case letters.
Because fines can be issued for the compromise of customer data, businesses need to take a few extra steps with online security. Andrew Mason, Technical Director of security and compliance company RandomStorm, suggests that businesses are often not aware of the security risks which they themselves have been enabling.
“In the first half of 2013,” Mason comments, “RandomStorm has performed almost four hundred network scans for 147 companies. The scans were performed on enterprises and SMBs operating in the public and private sectors.
“The top five vulnerabilities have all been related to web server SSL configuration issues and have not changed in the past year. The static list of vulnerabilities indicates that organisations of all sizes are failing to address the cyber risk to their information assets, in spite of cybercrime costs trebling in the last 12 months.”
In order to prevent security compromises, Mason suggests that every business, regardless of size, should have a solid IT security plan and develop a network that supports its goals. The issues which he pinpoints as the main causes of lax internet security include:
- Outdated secure socket layer (SSL) technology, with missing security patches;
- Outdated or self-signed SSL security certificates;
- Weak encryption cyphers used on SSL servers;
- Use of the insecure SSL V2 protocol on web servers;
- Support for HTTP Trace and Track on the company web server.
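As an added example (not from the article or from RandomStorm), the Python function below checks an Apache-style web server configuration for three of the issues listed above: SSL v2, weak ciphers and HTTP TRACE. `SSLProtocol`, `SSLCipherSuite` and `TraceEnable` are Apache directives; the weak-cipher keyword list and both sample configurations are constructed assumptions.

```python
import re

# Assumption: illustrative, non-exhaustive keywords for weak OpenSSL cipher classes.
WEAK_CIPHER_PARTS = {"RC4", "DES", "EXP", "EXPORT", "NULL", "aNULL", "eNULL", "MD5", "LOW"}

def audit_apache_tls(config_text):
    """Return sorted findings for SSLv2, weak ciphers and HTTP TRACE."""
    findings = set()
    trace_off = False
    for raw in config_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if not fields:
            continue
        directive, args = fields[0].lower(), fields[1:]
        if directive == "sslprotocol":
            names = [a.lower() for a in args]
            # Conservative assumption: on old builds "all" may include SSLv2.
            added = any(n in ("sslv2", "+sslv2", "all", "+all") for n in names)
            if added and "-sslv2" not in names:
                findings.add("SSLv2 may be enabled")
        elif directive == "sslciphersuite" and args:
            for token in args[-1].strip('"').split(":"):
                if token.startswith(("!", "-")):
                    continue  # explicitly excluded from the cipher list
                if WEAK_CIPHER_PARTS & set(re.split(r"[-+]", token)):
                    findings.add("weak cipher enabled: " + token.lstrip("+"))
        elif directive == "traceenable" and args:
            trace_off = args[0].lower() == "off"
    if not trace_off:
        findings.add("HTTP TRACE not disabled")  # Apache's default is TraceEnable on
    return sorted(findings)

# Constructed sample configurations (not taken from any real server).
WEAK_SAMPLE = """
SSLEngine on
SSLProtocol all
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
"""
HARDENED_SAMPLE = """
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3   # legacy SSL removed explicitly
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
TraceEnable off
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name, audit_apache_tls(cfg))
```

Certificate age, self-signed certificates and missing patches are not visible in this configuration text and need a scan of the running server.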
Employees should be kept in the loop regarding internet security at all times.