informa
/
2 MIN READ
Commentary

Network Solutions Small Biz Widget Woes Offers Security Lessons

A compromised widget accessible from Network Solutions, Inc.'s small business advice site turned out to be dealing in drive-by malware, and doing so for quite a while.
A compromised widget accessible from Network Solutions, Inc.'s small business advice site turned out to be dealing in drive-by malware, and doing so for quite a while.The compromised widget, revealed last weekend to be downloadable via Network Solutions, Inc's (NSI) GrowSmartBusiness.com advice site, had in the course of its life (evidently a few months)spread itself to hundreds of thousands -- some say millions -- of domains parked at NSI and awaiting development.

NSI removed the widget link, and "also removed the widget from the open source, third party provider's widget library."

Removing the widget from the company's parked domain template, NSI announced, removed the widget from any pages parked at NSI. But the company also recommended that anyone who downloaded the widget to a web page remove it and, further, run a malware scan.

While there will doubtless be some ongoing back-and-forth between NSI and security observers and companies -- it was Armorize that first sounded the the widget alert, and calculated that as many as 5 million parked domains might be compromised -- the lessons for small business here have more to do with counting your digital assets than counting up the number of widget infections.

Ask yourself:

How many parked (registered in order to hold the url) domains do you and your company have at the moment?

Who is your domain host and how closely do you monitor the news for stories about them?

What other ongoing but not necessarily active digital assets does your company have -- e-mail and other accounts are a good place to start -- and how long since you've checked their status?

How many third-party widgets, apps and other extras have you added to your sites -- and how confident are you that they are all safe and infection-free?

For that matter, how long since you've performed this sort of broad digital audit of your company?

Your company's digital assets -- and digital risks -- extends beyond the equipment in your workplace.

Particularly as it becomes easier and easier to add external bells and whistles to your sites, you should add keeping a wary eye on each and every one of them to your constant security checklist.