By now, you’ve almost certainly heard of the recent Heartbleed SSL security issue. When such critical concerns arise, we like to do our best to cut through the hype. In our experience, the root cause of most security issues is not under investment, but misplaced investment … a possible knee-jerk reaction that seldom provides tangible benefits.
So without getting into the technical details, what does this SSL security issue mean to you? The first thing is that, while a patch fixes the flaw, it does not address the core concern. Because the weakness is two years old, we must assume there is a high likelihood that some sensitive data was lost. Thus, we must determine both which data is at risk and what to do about it.
At the time of this email, the likely concerns fall into four categories: keys, certificates, passwords and vendors. Due to how the attack works, this information is vulnerable to theft and there is a possibility that it along with other related sensitive data might have been stolen. This means:
The problem is that, unless you had robust security monitoring in place, you can’t know if you’ve been attacked. While it’s likely that you weren’t, the risk of uncertainty will just continue to increase as time goes by. Luckily, fixing these problems is free. Here are the steps that industry experts are recommending you take:
We wanted to send this email to prevent yet another round of fear and doubt from stealing the resources you need to protect yourself and run your business. As you can see, despite what’s being reported far and wide, while the situation is serious and we’ll be dealing with this issue for a long, long time, the sky is not falling. If you have further concerns about this, or similar data security issues, please reach out to us.
Eyra Security is here to help you learn how to make the most powerful security improvements with the least investment. More information: https://www.eyrasecurity.com/
Global Velocity specializes in providing enterprise and cloud sensitive data control that is both cost-effective and flexible for businesses of all sizes. More information: http://www.globalvelocity.com/
We sincerely hope this email was worth the time you took to read it. Since we all only ever improve with feedback, please let us know what we could do better. Feedback Form
- Josh More, President, Eyra Security
- Sponsored by Global Velocity]]>