The Department of Homeland Security and Microsoft are warning computer users about a serious security hole in the Internet Explorer (IE) web browser. The vulnerability in IE is triggered when users click on a link or visit a website that has been constructed to exploit this issue, so careful browsing is important.
Many of our carriers are constantly working with their technology vendors and partners to adjust their security configurations and protect confidential business data. As part of that effort, we’d offer the following suggestions and information as interim considerations while Microsoft works on a more permanent and complex fix for this issue:
- Limit your browsing using Internet Explorer to known, good-reputation business websites.
- Do not follow advertising links or “pop-up” ads/content.
- Never click on links on a website or in an e-mail that take you to a place with which you aren’t familiar.
- Avoid sites with “Flash” content.
One of our carriers, Met Life Auto and Home, has offered advise on this issue as well.
- An Internet Explorer (IE) security Vulnerability patch was released on Thursday 5/1/2014 for all IE users, including windows XP.
- The fix will update machines for all users who have the automatic updates function turned on.
- If you do not have the automatic updates function turned on, we encourage you to apply the update manually as soon as possible.
On a more technical note:
- The Department of Homeland Security has recommended that firms reduce or eliminate their use of IE until a permanent fix is released. This is an appropriate consideration, but requires validation to ensure that business applications and processes can continue without issue using another browser.
- Work with your internal technology team to implement Microsoft-provided suggestions to reduce risk. (see: https://technet.microsoft.com/en-us/library/security/2963983.aspx)
- Update Flash plugins to the more recent versions. (see: http://helpx.adobe.com/security/products/flash-player/apsb14-07.html)
- Work with your Anti-Virus, Intrusion Prevention System (IPS), Firewall, and Content Filtering technology providers to implement their recommendations for detecting and preventing exposure.
Sources: Philadelphia Insurance Companies www.Phlyins.com; Met Life Auto and Home www.metlife.com
This information is provided as a guide by PHLY’s Risk Management Services and Information Technology Department and by Met Life Auto and Home. It does not prevent issues or guarantee your systems will not be compromised. Please use this information to consult with your information technology advisors.