Name: Joe Welker, CISA
Web Site: http://www.reacpa.com/joe-welker
Posts by Joe Welker, CISA:
The Internet is a powerful tool – something that can make our lives (and businesses) easier. But it also can be our worst nightmare at times. If you keep up on the news, you may recall within the past few days hearing something about “Heartbleed.” No, this isn’t the name of a new rock-n-roll band. It’s the latest threat to your security on the Internet. News sites started reporting on this newest Internet threat earlier this week. But as more and more has become known about this Internet defect, it’s becoming clear that everyone with an online identity needs to be concerned about it.
Heartbleed is an exploit that basically allows malicious users to run a tool that will gain them access to a Web server and provide them with usernames and passwords from that server. What can this defect potentially affect? Every website on the Internet. Bank websites, social media sites, online merchant sites … the list goes on.
Within the past couple of days, a Heartbleed defect was discovered that allows hackers to access chunks of a server’s memory that could contain Personally Identifiable Information (PII). Sites that integrate a Secure Sockets Layer (SSL) encryption certificate are now at risk from this new defect.
Steps For Protecting Your Online Identity
So what should you do to protect yourself and your business from this risk? Follow these steps:
- Take inventory of all of your online accounts and make a list of them.
- Before changing your online passwords, contact the businesses of any accounts that may have SSL certificates to ensure that the company has issued new certificates. To check the “grade” of an SSL-secured site, you can visit the Qualys SSL Labs website and input the URL of the site you’re checking. Sites are graded (A through F) on how secure they actually are.
- Change your passwords for each of your online accounts.
- Clear your Web browsers’ cache, cookies and history. Check out this ZDNet article for step-by-step instructions on how to do this.
- Closely monitor your bank and credit card statements to make sure there’s no unusual or suspect activity.
- If you receive emails or other online communication that promises a solution to your Heartbleed woes, don’t buy it. These communications are more than likely spam connected to dangerous malware or pointing you to malware. Heartbleed is a very complex online security threat, and there’s not a simple, quick fix for it.
Need Advice On Protecting Your Online Identity?
Following the steps outlined above will hopefully help lessen your chances of becoming a victim of identity theft and fraud. If you have questions or need additional guidance on how to protect your business, contact our IT audit professionals at Rea & Associates.
Author: Joe Welker, CISA (New Philadelphia office)
Looking for other blog posts about protecting your business’s online identity? Check these posts out:
You may find that your business relies heavily on the technical support provided by third-party hardware and software providers. But have you ever considered whether your vendors have direct access to your business’s internal IT network without having to gain permission from someone within your business? If you’re not positive about how to answer, then it’s probably time to do some digging to see if that’s the case or not. It’s possible that your vendor(s) has access to your business’s sensitive data and devices.
You’ve probably heard by now about the Target data breach, but just this week other retailer data breaches during the 2013 holiday season have become known. In light of these broad, major data breaches, this is a great time to ask yourself: When was the last time you evaluated your business’s IT network? If this has been an area of your business that you’ve let slide, then let it slide no more!
We live in an ever-increasing digital world. And with that comes risk – and lots of it. The number of stolen debit/credit card numbers continues to grow every day. Today’s news story about how nearly 40 million Target customers had debit or credit card information stolen is the most recent example of the kind of risky, digital world we live in.
The end of the year is near, and it’s easy to get caught up in the excitement of the holidays. But don’t let that be an excuse to forget about your entity’s security and information technology (IT) operations. As you close out your year, here are seven areas and tips that can help you strengthen and further secure your entity’s IT environment – and keep you off Santa’s naughty list!
If you missed it… you should know that Microsoft recently announced that effective April 8, 2014, it will no longer release any security patches or extend support for its Windows XP operating system. You may be thinking, “So what?” Well, if your organization is running its IT systems on Windows XP, your organization could open itself up to security issues. Furthermore, if your organization is in the healthcare industry and using Windows XP, it could be held liable and found non-compliant with Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) laws.