Protecting your business from the Shellshock bug

Posted By David Pollino In Your Business | No Comments

The Shellshock vulnerability is a wakeup call about the importance of regularly scheduled scanning for businesses of all sizes.

Young man running a program on a computer server in a hallway of servers. [1]We are fortunate at Bank of the West because we have no evidence that our systems have been directly affected by Shellshock. We are continuously evaluating our systems to protect against potential threats, including the Shellshock vulnerability, and software patches are applied as they become available. In the case of Shellshock, the Bank has also implemented other controls that we keep confidential.

Quick background: Shellshock is a vulnerability in Unix-based systems, including Mac OS X and Linux, that, if left unpatched, could allow hackers to remotely execute commands and potentially take over an operating system, access confidential data, or set the stage for future attacks. Apple has a customer support site with information and updates [2] related to vulnerabilities, including Shellshock.

A simple step to help your business

For businesses, this latest issue should prompt a discussion about network security and best practices for keeping a company’s systems as safe as possible. I say “as safe as possible” because, as we see almost every week, 100% protection of systems is nearly impossible.

One easy step every business can take is routine vulnerability scanning. A vulnerability scan essentially tries to find points in your computer network and systems that criminals and hackers may be able to exploit. Vulnerability scanning software can be downloaded from the Internet. There are versions for sale, and there are good free versions. For starters, take a look at tech writer Eric Geier’s piece earlier this year on on “6 Free Network Vulnerability Scanners [3].”

Benefits of regular scanning

Vulnerability scanning won’t solve all your problems, but it can serve two important functions to help protect a business.

1) Patches. Regular vulnerability scans — say, monthly — may help ensure that your business is aware of the latest patches and vulnerability fixes for all the software and operating systems being used by the business. Scanning software can flag out-of-date software that needs to be patched or updated. This is a key function of vulnerability scanning software.

2) Network weaknesses. In addition to software updates, vulnerability scans may identify other weaknesses in a network, such as a flawed network configuration or a weakness in network authentication processes.

Keeping a network secure can be a big task sometimes. As your business uses more and more software, protecting your systems may become even more complicated. Running a regularly scheduled vulnerability scan is a relatively easy step to reduce risk and help protect your business and your customers.

Article printed from Bank of the West:

URL to article:

URLs in this post:

[1] Image:

[2] support site with information and updates:

[3] 6 Free Network Vulnerability Scanners:

Submit an Idea

[contact-form-7 id="32" title="Share An Idea"]

You are leaving the Bank of the West Change Matters site. Please be aware: The website you are about to enter is not operated by Bank of the West. Bank of the West does not endorse the content of this website and makes no warranty as to the accuracy of content or functionality of this website. The privacy and security policies of the site may differ from those practiced by Bank of the West. To proceed to this website, click OK, or hit Cancel to remain on the Bank of the West Change Matters site.