IT Management

Lessons from Heartbleed: 3 Data Security Takeaways

Kiri Picone

Share This Post!

Last week, the world caught wind of Heartbleed, a massive security flaw that has the internet in a tizzy. According to TechCrunch, the all-consuming security flaw exploits a bug in the implementation of OpenSSL’s “heartbeat feature,” hence its catchy name. The exploit in question allowed potential hackers to reveal up to 64k of unencrypted memory to a connected client or server. While not much on its own, parties could duplicate the exploit repeatedly, eventually uncovering private, sensitive data with little to no effort. Companies are calling this one of the worst security flaws to ever plague the internet. Yeah, it’s that big.

According to TechCrunch, the Apache web server that is responsible for powering about half of the internet’s websites uses OpenSSL. For those who don’t know, OpenSSL is an open source toolkit and cryptographic library that secures massive portions of the Internet’s traffic, including big-name sites like Google, Yahoo and WordPress.

While most of these websites have fixed the potentially hazardous bug, consumers and businesses should still reset their passwords on many common sites, including Instagram, Google, Yahoo and GoDaddy. Click here for a full list of websites that were affected by Heartbleed. Experts note that even though the problem has been patched on most sites, to be protected, consumers must change their passwords after the fix is installed (meaning that password changes that took place before April 7th won’t protect you). Huffington Post also reported on Wednesday that Android users might still be at risk from Heartbleed, particularly those who are utilizing older versions of the Google operating system.

Companies will need to update any machine that’s running the latest version of OpenSSL with all necessary patches, get a new SSL Certificate for secure websites and generate new encryption keys. Once the proper steps have been taken, businesses should notify users of the fix and prompt them to create new passwords.

Data Security: 3 Important Takeaways You Should Consider

While Heartbleed has caused quite a stir over the past few weeks, the exploit has also revived an important discussion about how businesses and websites handle and protect sensitive information and data. Over the past year, numerous data security threats have hit the news. And as Target’s massive data breach has shown, customers don’t take kindly to slip-ups in security. That being said, businesses shouldn’t cower in fear of being hit with a data security breach. By following these three digital security takeaways, you can ensure that your company will be able to handle any data security exploit that comes your way.

1. Your Customers Need Reassurance. The more that internet threats careen through our blogosphere, the more you need to reassure your customers of your commitment to data security. Depending on the size and nature of your company, this reassurance could come in the form or a quick tweet or organized email campaign.
   

   Has your data already been compromised? In the event of a data breach, transparency is key: Let your customers know what happened and what actions (if any) they should take, and then share how your company plans to prevent future data breaches.

2. Make Sure Your Data Is Actually Secure. When was the last time you took inventory of the data security solutions your company utilizes? Many of today’s data threats are 100-percent avoidable. You can protect yourself right now with these two steps: First, you should make sure that you have the correct data security solutions in place for your company. These solutions might include (but are not limited to) software for mobile device management (MDM), enterprise data backup, cloud security, endpoint security or SSL encryption. Next, you should make sure that all of the solutions you currently have in place are accredited and updated to handle new threats.
3. Data Security Is More Than Just Protecting Sensitive Information. While the most headline-grabbing security risk is the thought of sensitive information falling into the hands of hackers and criminals (credit card information, social security numbers, etc.), protecting this information shouldn’t be your only security concern. There are a number of factors to consider when protecting data:
   
   • For instance, a loss of data (sensitive or otherwise) can wreak havoc on a company, resulting in less revenue, wasted time and unhappy customers. However, a data backup solution (or even a Recovery-as-a-Service solution) can ensure that your data is always secure somewhere on the web.
   • Business owners should also inquire about the safety of any cloud-hosted solutions. While today’s cloud software is safer and more robust than in recent years, some solutions might be risky or unreliable. Discuss security provisions with your cloud provider before disaster strikes.
   • Lastly, depending on your company’s BYOD policies, you may need to invest in IT Management solutions that can protect and manage both outside devices brought onto the company’s network and company devices taken outside of the business network. There are a variety of MDM solutions and other IT asset management solutions that can protect your various networks, devices, platforms and servers.

 
While the current Hearbleed crisis is now under control, businesses face a number of security risks on a daily basis. To reduce your company’s risk for being targeted, strengthen your digital security strategy before it becomes an issue. To compare the top-rated digital security and IT management software solutions, download one of our many free Top 10 IT Management Software reports. In each report, you’ll get a side-by-side comparison of the best solutions in each segment. These will be a valuable resource in determining which products will best protect your assets and data.

• Consultant

Kiri Picone

Business-Software.com

Kiri is a former Business-Software.com marketing team member.