Posts Tagged ‘IT audit tips’

How Can Heartbleed Affect You and Your Business’s Online Identity?

Friday, April 11th, 2014

The Internet is a powerful tool – something that can make our lives (and businesses) easier. But it also can be our worst nightmare at times. If you keep up on the news, you may recall within the past few days hearing something about “Heartbleed.” No, this isn’t the name of a new rock-n-roll band. It’s the latest threat to your security on the Internet. News sites started reporting on this newest Internet threat earlier this week. But as more and more has become known about this Internet defect, it’s becoming clear that everyone with an online identity needs to be concerned about it.

Heartbleed is an exploit that basically allows malicious users to run a tool that will gain them access to a Web server and provide them with usernames and password from that server. What can this defect potentially affect? Every website on the Internet. Bank websites, social media sites, online merchant sites … the list goes on.

Within the past couple days, a Heartbleed defect was discovered that allows hackers to access chunks of a server’s memory that could contain Personally Identifiable Information (PII). Sites that integrate a Secure-Socket Layer (SSL) encryption certificate are now at risk of this new defect.

Steps For Protecting Your Online Identity

So what should you do to protect you and your business from this risk? Follow these steps:

  1. Take inventory of all of your online accounts and make a list of your accounts.
  2. Before changing your online passwords, contact the businesses of any accounts that may have SSL certificates to ensure that the company has issued new certificates. To check the “grade” of an SSL-secured site, you can visit Qualys SSL Labs website and input the URL of the site you’re checking. Sites are graded (A through F) on how secure they actual are.
  3. Change your passwords for each of your online accounts.
  4. Clear your Web browsers’ cache, cookies and history. Check out this ZDNet article for step-by-step instructions on how to do this.
  5. Closely monitor your bank and credit card statements to make sure there’s no unusual or suspect activity.
  6. If you receive emails or other online communication that promises a solution to your Heartbleed woes, don’t buy it. These communications are more than likely spam connected to dangerous malware or pointing you to malware. Heartbleed is a very complex online security threat, and there’s not a simple, quick fix for it.

Need Advice On Protecting Your Online Identity?

Following the steps outlined above will hopefully help lessen your chances of becoming a victim of identity theft and fraud. If you have questions or need additional guidance on how to protect your business, contact our IT audit professionals at Rea & Associates.

Author: Joe Welker, CISA (New Philadelphia office)

 

Looking for other blog posts about protecting your business’s online identity? Check these posts out:

Do You Know Who Has Access To Your IT Network?

How Can I Protect My Business From A Data Security Breach?

How Can You Prepare For The Retirement of Microsoft Windows XP?

 

Do You Know Who Has Access To Your IT Network?

Thursday, March 20th, 2014

You may find that your business relies heavily on the technical support provided by third-party hardware and software providers. But have you ever considered whether your vendors have direct access to your business’s internal IT network without having to gain permission from someone within your business? If you’re not positive about how to answer, then it’s probably time to do some digging to see if that’s the case or not. It’s possible that your vendor(s) has access to your business’s sensitive data and devices.  (more…)

How Can I Protect My Business From A Data Security Breach?

Thursday, December 19th, 2013

We live in an ever-increasing digital world. And with that comes risk – and lots of it. The number of stolen debit/credit card numbers continues to grow every day. Today’s news story about how nearly 40 million Target customers had debit or credit card information stolen is the most recent example of the kind of risky, digital world we live in.  (more…)

What Are Some IT Audit Tips That Can Keep You off Santa’s Naughty List?

Thursday, December 19th, 2013

The end of the year is near, and it’s easy to get caught up in the excitement of the holidays. But don’t let that be an excuse to forget about your entity’s security and information technology (IT) operations. As you close out your year, here are seven areas and tips that can help you strengthen and further secure your entity’s IT environment – and keep you off Santa’s naughty list!  (more…)