No one likes a wounded heart, including information technology professionals. With the Heartbleed bug wreaking havoc on the Internet, websites and online databases that were once secure are susceptible to hackers. As chief information officers and other IT professionals attempt to protect their companies’ and their customers’ sensitive information, they may find that simple changes to their Web-based accounts’ settings will not suffice. Instead, people need to break out the heavy artillery so they can ensure their data is not left out in the open, prime for the taking.
The birth of Heartbleed, ironically enough, came about when IT professionals decided to collaborate on an initiative to protect websites. Through the OpenSSL project, talented programmers came together, working to build up site’s Secure Sockets Layer so that they would be impenetrable from hackers. However, this open encryption endeavor went awry when an overlooked coding error made its way into the program’s feature. An OpenSSL employee was attempting to fix a number of bugs in the system when he made this detrimental mistake. Consequently, this glitch had an inverse effect on website security, opening gaping holes through which cyberthieves can access user data.
Adding to the severity of this situation is the fact that the majority of websites out there on the Internet now rely on OpenSSL. With approximately two-thirds of sites using this kind of encryption to protect their information, the consequences of Heartbleed are hardly isolated, and an expansive group of IT professionals are scrambling to secure their data.
Don’t just apply patches
Individuals attempting to do some serious damage control and guarantee hackers cannot infiltrate their pages have to be strategic and swift when it comes to the moves they make. Computer Weekly reported that this encryption glitch has prompted tech professionals to apply patches and switch their passwords, but those precautions are only palliative.
The source pointed out that there is really no way for IT representatives to determine which pieces of data have already made it into hackers’ hands and which have not. For this reason, their efforts have to be immediate, tactical and effective at actually protecting their information. They cannot afford to take wishy-washy steps that may not nip the problem in the bud. Otherwise, they could continue to leave their organizations’ and their customers’ information out in the open, setting themselves up for far worse issues further down the road.
“Organizations that just apply the patch and do not take other remedial actions will regret it later,” cautioned Erik Heidt, research director at Gartner, according to Computer Weekly. “Applying patches and changing passwords does not mean victory. A patch is just like a Band-Aid – it does not cure the sore.”
Automate access management features
Rather than making tiny tweaks that will not address the root of the Heartbleed issue, Heidt advised that people bring out their big guns, streamlining and automating their internal systems to reap immediate and long-term security benefits. As soon as automated features are in place, IT professionals can make changes to their systems, having them instantly applied throughout all of their functions. In the future, whenever they make modifications to their programs in the interest of data protection, they will be automatically implemented, ensuring that no portion of their programs are missed.
This is crucial, as CNN Money explained that various gadgets are left vulnerable due to Heartbleed. Hackers could tap into everything from phones to video conferencing programs to VPN. Because of this, having strong access management functions is key in all aspects of companies’ tech use, and automation could ensure uniformity with these functions.
Keep customers calm and carry on
If organizations find that the goods or services that they offer consumers are vulnerable to the bug, they need to be careful not to cause a stir. IT professionals should make their internal changes first, and then calmly recommend customers to take some actions on their end.
“Any datacenter operator should have been able to provide cool, calm advice to its customers, and should have had the tools in place to rapidly and effectively patch OpenSSL to get rid of the problem – and then advise customers to change their passwords,” stated Clive Longbottom, datacenter professional and director at Quocirca, according to Computer Weekly. ”There was far too much FUD [fear, uncertainty and doubt] around this – too much ‘advice’ to change all passwords now – which only makes the problem worse, as the changed password could be compromised.”