Information Security Update - What brokers should do to stay safe

View in browser

INFORMATION SECURITY UPDATE...

You may have seen in the news recently about the 'Log4j' vulnerability that has been discovered and announced around the globe.

We are pleased that we can reassure our brokers that the Toolbox and Adviser Portal systems are not affected by this vulnerability, we would also add that as part of the deployment of Toolbox and the Adviser Portal, we use multiple sophisticated security and protection tools to act as a first line of defence against vulnerabilities such as this.

TMA like any business will be assessing all the risks for our business and any impact that this could have on the overall proposition via our suppliers and providers.

WHAT SHOULD BROKERS DO TO STAY SAFE?

Contact any suppliers or providers of software/software services that you use, request that they confirm the current status of their products with regards to the Log4j vulnerability, give priority to anything available on the internet as these will be the easiest target for any attacker.

We recommend brokers read the following guidelines here.

WHAT IS THE LOG4J VULNERABILITY?

Log4j is a very common logging library used by applications across the world. Logging lets developers see all the activity of an application. Tech companies such as Apple, Microsoft and Google all rely on this open-source library, as do enterprise applications from CISCO, Netapp, CloudFare, Amazon and others.

The open-source Apache Log4j library has over 400,000 downloads from its Github project, according to cybersecurity firm Check Point.

The vulnerability is serious because exploiting it could allow hackers to control java-based web servers and launch what are called ‘remote code execution’ (RCE) attacks. In simple words, the vulnerability could allow a hacker to take control of a system.

Brokers should pay special attention to any solution they provide customers via the internet that holds customer data, as any exploit could expose that data. It is advised that you speak to providers/suppliers to get confirmation of their exposure to this vulnerability.

Read the guidelines here

hello@tmaclub.com | t. 0330 303 0236 | tmaclub.com