However, as cloud-hosted application providers, we think it’s our responsibility to keep abreast of news about risks and security threats. And we also think it’s our job to share with our customers and readers news and information they can trust about security risks. And Heartbleed may be one of the most significant security vulnerabilities to break out across the internet in years.
Here’s our quick overview of some of the news that we think you might find helpful during this information security crisis.
After all, it’s our business to make your business better.
Sensitive data and documents stored within eBizDocs’ eBizCloud© environment are protected from Heartbleed, and always have been.
How do we know? Heartbleed does its damage through a vulnerability in the OpenSSL protocol, which is used by millions of web applications to transfer data from one computer to another through the internet. eBizCloud© does not use, and never has used, OpenSSL (it uses a different method for data transfer), so rest assured, your files and information are secure. Contact our support center for more information. We’re always happy to help!
Number ONE: Your business cannot afford to ignore the potential legal and security fallout from Heartbleed exposure.
If you stored any customer or employee information in a cloud-hosted storage solution (especially if those files included any personal information!), it is imperative that you find out:
1. If your hosting provider used OpenSSL. If it did, your information was vulnerable to security breaches due to Heartbleed. Contact your hosting provider if you aren’t sure – and check this great post by GreyCastle Security as a first step. Remember to check any mobile devices that your employees may be using to manage or store business information as well – these were also affected by the bug.
Note: Many providers have been downplaying the risks, saying that everything is fine now, they’ve fixed the issue, and they’ve done extensive research and there were no breaches. Be wary of these statements. The “hack” is untraceable; therefore, the site owner has no way to know for sure if anyone grabbed your passwords and accessed your data at any point over the last 2 years. In short, if the site used OpenSSL, the data was vulnerable.
2. Do whatever your provider recommends to correct any issues on your end. At the least, this will require that you change all passwords to these sites and possibly upgrade software.
3. Check out this very detailed FAQ by Infolaw.com to determine what legal steps you may need to take to manage the risks from exposure. According to their experts, you should assume that any information stored on vulnerable sites may have been breached for up to 2 years (without your knowledge and without any evidence) and act accordingly. This may include notifying your customers and/or employees of potential data breaches.
3 helpful facts you need to know about Heartbleed (as we understand them):
1. Does it affect me as a consumer? In a word, yes. The Heartbleed vulnerability has affected virtually every major web application, including Dropbox, Yahoo, Gmail, and more.
2. What caused it? This is not a virus; it is a vulnerability in the OpenSSL code, which is the computer language used when a message is sent through the internet from one computer to another.
2a. (NEW!) How does it work? Here’s a cartoon/infographic that gives a great visual of how hackers can take advantage of the Heartbleed OpenSSL coding error to gain access to the “secret keys” that unlock the gate to the security systems on vulnerable servers.
3. What can I do to protect myself and my business? It’s up to the web application to fix the problem, not you. Check to make sure the site has corrected the problem before you log back in, and change your passwords frequently.
Here’s a list of some of the latest information from generally trusted sources on Heartbleed – please feel free to share your thoughts or suggestions below! (last update: 4/14/2014; 10:50 am)
A great overview from CNET, explaining in detail what consumers can do to protect themselves from the effects of the Heartbleed bug.
This article by ZDNet advocates that consumers take a very active approach in securing their financial data, including all credit card information, passwords, and online account information. Basically, they take the better-safe-than-sorry approach.
Actually entitled: “Here’s How To Protect Yourself From The Massive Security Flaw That’s Taken Over The Internet,” this is one of the best business-focused descriptions of Heartbleed and what it means for you and your business that we’ve seen to date.