THE MEMEO BLOG

Heartbleed bug affecting consumer file sharing solutions

Mar 31, 2014

2014-03-30 Heartbleed.jpgIn today’s workplace, there are several areas that could produce security vulnerabilities and lead to the breach of mission-critical data. While much of this concern revolves around mobile capabilities and file sharing solutions, there are pieces of sophisticated malware that exist in cyberspace that can come from trusted sources like email, websites and advertisements. The Heartbleed bug is being called one of the biggest Internet security threats currently circulating the cybersphere, and it could be affecting users without them knowing it. Decision makers and consumers alike must ensure that their systems are protected and that their accounts have not already been compromised by the bug.

While it can be easy for employees to leak information from their devices, Heartbleed is a sophisticated risk that must be appropriately prepared for. The bug has been present in free OpenSSL encryption software that is widely used to protect online accounts for more than two years, and has created a significant security gap. Among the 500,000 sites that could be vulnerable to the threat, consumer-grade online file sharing providers like Dropbox were listed among those that use the security software in their systems. The bug may have recorded fields such as financial data, personal information and passwords that were kept within the OpenSSL encryptions. However, the bigger question is whether malicious parties were secretly using the vulnerability to steal other components over the past two years.

“Beside emails and chats, OpenSSL is also used to secure virtual private networks, which are used by employees to connect with corporate networks seeking to shield confidential information from prying eyes,” Times Colonist stated. “Heartbleed exposed a weakness in encryption at the same time that major Internet services such as Yahoo, Google, Microsoft and Facebook are expanding their usage of that technology to reassure the users about the sanctity of their personal data.”

Protecting business data against advanced threats
Heartbleed and other threats have increasingly been targeting users to gain sensitive information. This development can substantially affect business success and personal well-being. In order to counteract the bug, many sites using the OpenSSL encryption software have prompted users to change their passwords. While this measure will be essential to deterring a data breach, organizations can deploy mobile access control to have better oversight into who is viewing company data and ensure that unauthorized parties are not granted entry. A secure file sharing program will also have its own encryption and remote wipe capabilities, making it more difficult for any threats to compromise sensitive information.

Financial Post recommends waiting for afflicted sites to deliver a patch before entering any login information or changing settings. By ensuring that the page has been fixed, users will have better peace of mind and be able to protect their essential data. Users are advised to start with their email and bank accounts, as these often hold substantial information that could be affected. As Heartbleed continues to work its course, organizations should reinforce their security measures to protect their critical files.



Tags:
Category: Data Security


Archive