Heartbleed Bug

It’s 2014 and even if you aren’t constantly using the internet or visiting an actual web page while you’re at work, your company is probably connected to some form of online server. While people are searching for jobs online, companies are searching for candidates online and the internet is a huge part of today’s recruiting industry. However, with being a part of the online community comes with the risk of being hacked. The most recent bug to affect companies around the world is called Heartbleed.

Heartbleed affected the “heartbeat” of a piece of software called OpenSSL, used for security on popular web servers. Once someone has access to OpenSSL they can take passwords, cookies, and information that can normally only be seen by web page administrators, and make that information public. While you may be the administrator of your company’s website, during the time your internal information is being transferred to the public, you will have no idea. The exposure gives an attacker potential access to steal a server’s digital keys used to code its communications and get access to any of a company’s internal documents located within their computer network.

The question on everyone’s mind depends on whether you’ve been affected or not. Companies who are being cautious are asking, “how can we prevent it?” while the victims of the bug are asking, “how can we recover?”

Kavaliro’s IT Manager, Tim Arnold, provided some helpful tips to answer these pressing questions!

What precautions should small businesses take going forward to protect their network?

• Plan and prepare for the worst
  This is true for a lot of things in business, but especially security. What steps do you take if an employee lets you know they accidentally downloaded a virus from an email? How about if your network faces a DDoS attack? Having a plan will help you make better decisions amongst the chaos that happens when there are IT failures within your company. Decisions that may impact the future of your business. On top of having a plan, put in multiple layers of preventative measures to try and contain issues before they become disasters. For example, network level filtering can make the difference between one computer having a virus and the entire network becoming infected and days of lost productivity.

What steps should individuals who work for a company that has been hacked take?

• ​Be calm yet vigilant
  Even before an attack happens, trusting your gut when something seems amiss can make a big difference. Many recent attacks aren't as sophisticated technologically, but they are highly targeted to try and deceive. Some examples of recent attacks like this is someone unexpectedly calls your company claiming to be your IT Help Desk and asks you to run commands on your computer (see Microsoft Article), or you receive an email from someone else in the company with a zip file attached that you weren't expecting. The first step is recognizing these attacks to protect yourself and your employer, but then take the next step and alert your IT department or higher ups so that they can investigate.

What kind of backup services should businesses invest in or research?

• ​Data backup ties back to your planning and prevention strategies
  Some companies have chosen to use cloud providers so that all their data is backed up automatically as they save files. Others employ entire hard drive backups. Company backup needs vary widely with this plan and the type of data you are saving. What is most important is to have a plan and a backup system in place before the issue hits. Business without IT departments should consult with a services provider who can advise on backup solutions that meet their needs and data sensitivity requirements.

While the Heartbleed bug has created chaos, there is a little silver lining. You can take this opportunity to upgrade security and create secure passwords for your entire company. Make sure that any documents with sensitive information are kept separately from the everyday files your company can access. Your entire server should be backed up on a separate cloud or hard drive. You can never be too cautious when it comes to your business!

Kavaliro Employment Agency has offices in Tampa, Fla., Charlotte, N.C., Orlando, Fla., Washington, D.C., and Jacksonville, Fla. and can make sure you find the right people for this important role. We are ready and waiting to help you anytime and look forward to hearing from you.