1 min read

FTC Enforcing That Businesses Patch Log4j Java Security Issue

By now you’re almost certainly aware of the Log4j Java issue.

It’s a serious and fixable flaw relating to java logging.

Recently the United States Federal Trade Commission (FTC) has issued a chilling warning to anyone who hasn’t yet fixed the flaw and protected against the vulnerability.

The FTC’s statement reads in part as follows:

“The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future. 

Failure to identify and patch instances of this software may violate the FTC Act.

The Log4j vulnerability is part of a broader set of structural issues.  It is one of thousands of unheralded but critically important open-source services that are used across a near-innumerable variety of internet companies. 

These projects are often created and maintained by volunteers, who don’t always have adequate resources and personnel for incident response and proactive maintenance even as their projects are critical to the internet economy.

This overall dynamic is something the FTC will consider as we work to address the root issues that endanger user security.”

The FTC has already made it clear that they’re not playing around with this issue either.  Not long ago in 2019, they hit Equifax with a staggering $700 million fine because of customer data exposure.

The FTC clearly has the muscle to make this threat stick. So if you haven’t already installed the remedy for Long4j, do it now before you lose track of it. Keep an ear to the ground for other similar issues.

These Fines Can Be Devastating

Fines of the sort that the FTC is threatening are enough to rock any business back on its heels. So don’t take any chances.  Stay vigilant out there.  It’s going to be an interesting year.

Used with permission from Article Aggregator

The Cybersecurity Tools Are Fine. The Strategy Is What's Missing

The Cybersecurity Tools Are Fine. The Strategy Is What's Missing

TL;DR: Most businesses that experience a serious cyber incident had security tools in place when it happened. The problem isn't the firewall or the...

Read the full blog
What Your Law Firm's Ethical Obligations Actually Require from Your IT Infrastructure

What Your Law Firm's Ethical Obligations Actually Require from Your IT Infrastructure

TL;DR: Law firms holding privileged client data aren't just security targets; they're ethical custodians with documented obligations under ABA Model...

Read the full blog
Your Law Firm's IT Partner Is Either an Asset or a Liability. Which One Do You Have?

Your Law Firm's IT Partner Is Either an Asset or a Liability. Which One Do You Have?

TL;DR: Most law firms don't have an IT problem; they have an IT partner problem. A generalist provider can keep the lights on, but supporting legal...

Read the full blog

1 min read

Why Your Law Firm Needs Managed IT & Data Backups in Portland OR

Data is the lifeblood of every law firm. From client information and case files to important legal documents and communications, the loss of this...

Read the full blog

1 min read

WhatsApp Provides Disappearing Messages Feature to Improve Security

Whatsapp has had a tough year from a security standpoint and has suffered losses in the size of its user base as a result.

Read the full blog

1 min read

Beware Certain Sites Because Of TSA PreCheck Renewal Scam

According to a report recently released by Abnormal Security there’s been a huge upsurge of instances of people getting scammed after visiting what...

Read the full blog