Man working on his laptop How often do you change your passwords, check for viruses, or update the software on your computer? If you’re like most people, you only remember to do so after hearing about a cyber alert.

In December of 2021, The Canadian Centre of Cyber Security issued an alert about a vulnerability in a popular logging tool, Log4j. This program, which is part of Apache Logging Services, is used by businesses across Canada. Given how many programs use Log4j, this security flaw will affect countless users and enterprises.

The vulnerability (which is referred to as Log4Shell) leaves systems vulnerable to cyberattacks. Bad actors can potentially gain control of an affected network. Then, they can remotely access and gain control of it. 

Remote code execution attacks are a serious security risk. Once a hacker has accessed the server, they can execute any code they choose. They can control a user’s computer, execute a ransomware attack, or access private information (including IP addresses and pages accessed).

Here’s what you need to know about the Log4j cyber alert:

 

What Is Log4j?

Log4j is a widely used logging tool. It’s an open-source utility written in Java. Log4j is a logging utility that’s used in major programs, including Apple iCloud, Amazon Web Services, and online games like Minecraft. 

A logging program has a few main uses. Primarily, it’s used to monitor errors and other events on a system. By checking log activity, operators can quickly debug a system. 

 

Who Is Affected?

Since Log4j is so commonly used, this vulnerability affects millions. If you use software that contains this tool, you could be affected by the Log4j cyber alert. This security risk is one of the most severe computer vulnerabilities in years

 

What Should You Do?

Since the issue was first detected, Apache has released a new version of Log4j (2.16) that resolves the vulnerability. Now that these fixes are available, the next step is for individuals and businesses to implement them. If your system operates using an older edition and upgrading it isn’t possible, Apache has also released several patches and workarounds. 

You must take immediate action to protect yourself from a cyberattack. But you might not know if the software or network you use relies on Log4j. To find out and resolve any vulnerabilities, we recommend the following:

As an individual:

  • Search online to see if any of the programs you use contain Log4j
  • Make sure to update any software that could use Java (or specifically Log4j)
  • Change your passwords on any systems affected by the vulnerability
  • Use a strong antivirus program

As a business owner:

  • Contact your IT support company to inquire about Log4j, and ask if the tool is used on your system. Ask them to inspect the system logs for any signs of suspicious activity. 
  • Disable all Log4j features
  • Find a patch to resolve the issue before re-enabling any Log4j features. Make sure to update any affected programs.

 

In life, we can’t predict when the next cyberattack or disaster will strike. But we can take precautions to protect ourselves. Taking preventative measures will keep your information and your finances secure.

Given how wide-reaching this issue is, we wanted to make sure our readers were aware of it. At Reider Insurance, we know how important it is to take action after an event like this. Make sure you’re covered with our home, business, or automobile insurance. For more information about our insurance policies, contact us today.