For the second time in 2 years, Avast has had to admit its CCleaner software has been compromised by a supply chain attack. If you have CCleaner installed on your machine, uninstall or update to the new version to assure your own system is not compromised by the software.
I offer the uninstall option because, to be cybersecure, you have to do a risk-benefit analysis. Don’t default to an “oh well” update. Make a conscious decision to use the program considering its recent track record and own the outcomes, or uninstall it and move on.
I have never used the program, and I never will. Two compromises in 2 years is a lousy track record. If you use the program, inform yourself about what you are putting on your computer and the security of the company behind it. (You can read about the 2.27 million compromised CCleaner software downloads here and about its latest cyber attack caused by a lapse in basic security protocols here.)
The upshot? Demand cybersecurity from your vendors. Research software before adopting it and continue to monitor its security (here is how to do that).
Solos and small businesses often feel too small to demand anything. That is a counterproductive mindset. Your reputation is your business. Your clients deserve the best security you can give them, and that includes your supply chain (yes, you have a supply chain!).
To learn more about cybersecurity for individuals and small businesses, check out the Freelancer’s Guide to Cybersecurity and its list of resources.