Have you heard about Heartbleed yet? It is the OpenSSL security flaw that became the “cause célèbre” of the Internet at the beginning of April. OpenSSL is a widely used tool that ensures Internet communications remain encrypted. And the Heartbleed bug renders it open.
Heartbleed is One of the Biggest Flaws in the History of the Web (So Far)
What that means is that hackers and others had access to classified information. Earlier this month, Bloomberg’s Michael Riley reported that “…the U.S. National Security Agency has known for two years about a flaw in the way many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence…” In fact, it’s been called “one of the biggest flaws” in the history of the web, “affecting the basic security of as many as two-thirds of the world’s websites.” According to the Bloomberg article, “its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. to Juniper Networks Inc. to provide patches for their systems.” Definitely not a small glitch in the system.
Start Your Security Planning Before You Need It
So why is it a “cause célèbre”? Because, as with many digital security hiccups, no one was aware that the flaw existed and there’s no real way to track what information was accessed – or wasn’t. While it’s definitely news, and people were right to change passwords, reports such as these can set off a public panic button. As the Wall Street Journal wrote, for many companies, the best thing to take away from this bit of flawed code is that it “will provide an opportunity to assure customers that a company has quickly addressed an identified, systemic issue and to help educate consumers about the importance of stronger passwords.” And that’s really what’s at the heart of this matter.
Practical Steps to Counter the Risks of Heartbleed
1. Follow good practices in password management. This area is one of the most commonly compromised vulnerabilities of corporate and personal systems. Passwords should:
- Be complex
- Get changed every 90 days
- Never be in succession
- Never have common themes
2. Maintain a password database. Also require users to remember their passwords, make them enter the password every time they log in to the system, and reinforce the importance of not disclosing their passwords to anyone. This includes administrators and IT managers.
3. Make employee compliance with policies a priority. Having your employees on board – from the intern all the way up to the CEO – is the first step toward ensuring that your company is secure and protected and a best practice in security risk management. Follow these steps and there’s a fairly good chance that the next time a glitch such as Heartbleed occurs, you won’t have any reason to panic.