TechFruit

What Heartbleed taught businesses about online security

Few people can have missed the furore over the Heartbleed security bug. While most scares are related to just one or two sites, Heartbleed was a highly unusual security crisis that affected 17 per cent of secure servers on the internet.

Such a massive security breach presents some uncomfortable truths to every business that trades online. Despite the best efforts of everyone involved, there will always be the potential for hacking and security problems. And for thousands of businesses, just one breach like this could wreck their reputation forever.

The Heartbleed Effect

Heartbleed is a bug in a particular version of OpenSSL, the technology used to secure many websites across the internet. It had such a big impact because OpenSSL is trusted on a massive scale and is used on a massive range of websites, each with millions of users.

Online, users have been trained to look for padlock icons and other assurances that guarantee security, but Heartbleed proves that even the most vigilant user can be caught out. This seems unfair, in a way, since the user has done nothing wrong.

Prominent security experts described the Heartbleed bug as “catastrophic”. Joseph Steinberg, writing for Forbes, said it was the “worst vulnerability” in recent years.

Seismic Impact

Online, businesses need to know that their data is secure. After all, data flows through the business like the blood in its veins; if compromised, one of its biggest assets is lost.

Heartbleed is the latest in a string of high-profile security breaches. In 2013, many prominent sites (including the New York Times, Facebook and Apple) fell foul of security problems that affected users and employees. Many of these attacks were facilitated by malware that infected computers and spread through systems.

With so many threats, can businesses ever feel confident in security?

It pays not to be complacent, of course, and every business must play its part in securing its own systems. This prevents its information from falling into the wrong hands. At the same time, it would be unrealistic to expect 100 per cent security, 100 per cent of the time, and businesses need to be proactive in limiting exposure.

Preventing Security Problems

While Heartbleed exposed a significant fault at the heart of online security, that doesn’t mean that security should be less of a priority for businesses. Email security is particularly important, since it’s the primary route by which information leaves the company (and the primary channel for malware to sneak in). Secure email and encryption both help to make email more useful as a method of communication. Mimecast is one vendor that offers a variety of security solutions in one product.

But by far the most important aspect is one you may not have considered. Businesses must ensure a high level of usability across their systems, particularly those (like email) where there is a high likelihood of data leaks. By improving the capabilities of a system and making it fit for purpose, users are more likely to use it.

With email, that means using approved methods to distribute files and information. If the email system does not meet the needs of the people who use it, they will come up with new ways of working that may not incorporate approved channels. And that is by far the biggest security risk a business can encounter in its lifetime.

Photograph by Bill Burris/Descrier Images
