In the computer security industry, April meant just one thing: end-of-support for Windows XP. This was a major milestone as Microsoft’s operating system had been a mainstay of business computers for years, and was about to be retired.
The concern was that security issues detected after April 8th (when support ended) would not be fixed, and many thought that hackers had accumulated a number of attacks that they could soon use without fear of being blocked. While we were looking toward Microsoft Windows XP and preparing to deal with potential security problems, a new issue came from left field and took the whole world by storm.
A very small bug in a piece of software code used by millions gave way to a very serious issue. Within hours, the bug had not only received a cool name, but had its own logo and a real ‘brand’. Heartbleed, as the bug was to be known, was one of the more serious threats we’ve seen on the Internet. It allowed hackers to gain usernames, passwords and other sensitive information, essentially just by asking a server for it. OK, it’s a little more involved than that, but you get the idea.
The Canada Revenue Agency (CRA) shut down its web site for almost a week, whilst they battled to put fixes in place. Many other web sites had similar tales; whilst on the other side, hackers were quickly sharing lists of vulnerable sites and targets to try next.
Heartbleed gave us many lessons; one of the most useful for small business is to make sure we have a well-defined action plan in place to deal with issues. For example, within hours of the Heartbleed issue being made public, some companies (the SBCN included) were already well involved in their incident response plans. These computer security issues do impact small business, and the impact can be serious. Just how many of us knew exactly what we needed to do? If we didn’t, did we know whom to ask?
So just because we’re all thinking one outcome is likely, we mustn’t forget to keep our eyes open for the unexpected. Heartbleed was a wake-up call; let’s make sure we learn from the lesson and take some time to review our incident and crisis management strategies.