By now you may have heard about the “Heartbleed Bug”, a serious security vulnerability in the OpenSSL cryptographic library. The OpenSSL library is used by a number of different computing platforms to secure communication between a client (typically in a web browser session) and a secure endpoint, typically a web site or device used to allow access to secure business systems. Anytime you are conducting a transaction online you are typically using SSL, and you can tell that you are doing so when the URL starts with “https://” or when you see a padlock appear in the browsing session. It is estimated that this vulnerability affects upwards of 50% of Internet web sites that use SSL, so the scope of the bug is potentially huge.
Because the vulnerability exposes extremely sensitive information to an entity who tries to exploit it, such as usernames, passwords, banking information, credit card information, and more, the threat is a very real and very serious one. You should take all reasonable precautions to secure your environment if you have systems that contain the vulnerability, and be aware of any communications from online vendors, such as banks, that may reach out to you indicating that they may have been subject to the vulnerability and that data may have been compromised.
For more technical information about the vulnerability you can start by looking here.
Thrive suggests that you do the following in response to the Heartbleed vulnerability:
- Analyze and secure your business systems that have the vulnerability present by shutting down and / or patching affected systems.
- Reach out to your third-party vendors or providers about systems that utilize the OpenSSL cryptographic library to ensure that the vulnerability is not present in those systems.
If you have any questions or would like Thrive to conduct a security audit of IT systems that are not managed by Thrive directly, please contact Thrive Networks today.
Firewall management is a necessary but tedious and time-consuming effort. It also requires industry-specific expertise in order to avoid costly security breaches which can jeopardize compliance requirements.
Meeting compliance requirements for your specific industry can occupy a significant amount of your IT professional’s time. Additionally, it can be difficult to find an IT expert with the appropriate industry experience to ensure all of your compliance requirements are met and your network is protected against unauthorized access.
Managing firewalls in-house is a resource-intensive effort, since it involves device deployment and configuration, constant upgrades and security patching, and monitoring upgrades to ensure the appropriate controls are installed to meet necessary changes in business processes. The network traffic must then be continually monitored for threats so these can be acted upon in a timely manner to avoid costly breaches.
Regardless of your industry, staying proactive with patch management can be a time-consuming but extremely important effort. This is where a managed patching provider can be an invaluable resource.
If you were to conduct a survey of businesses to discover whether or not they are happy with their patch management strategy, the majority of them would likely say that they struggle with patch management processes and are overall dissatisfied with their patch management system. If you are one of the businesses that is constantly burdened by patch management, here are a few of the most common issues companies face and how a managed patching provider can help.
Traditionally, spyware and viruses have been mostly a nuisance as it relates to your PC or laptop. You might notice that your system is sluggish, and you might have to clean up or even rebuild your operating system, or worst case, pay someone to perform a cleanup and spyware removal for you if you don’t know how to do it yourself. Recently, however, a new and far more malicious form of spyware has started appearing on unprotected PCs; its payload is far more dangerous, and the cost of recovering from it is far higher than ever before. Its name, Ransomware, says it all – it is spyware that takes over your data or your system itself and holds it hostage unless you hand over your hard-earned money to the criminal who has infected your PC in exchange for getting your data or access to your computer back.
With threats like this in the wild, it is prudent to be aware of how you could become infected, what you can do to protect your data and your PCs, and what you should do if you suspect your computer has been compromised.
When it comes to keeping your business up and running, it is all about the time factor. Time determines how fast you can recover business operations in the event of an outage or natural disaster. If you have already completed a risk assessment, the business impact analysis ensures that you do not incur additional expenses which can result from slow recovery time.
Although you may have already completed a risk assessment and you know what critical business operations must be recovered, this will not matter unless you can recover them within a reasonable amount of time. Conducting a business impact analysis will ensure efficient business continuity in the event of a catastrophe.
So what are some of the key components you should consider when conducting a business impact analysis?
The Department of Homeland Security (DHS) last week released an alert indicating that all versions of Java up to and including the then-latest Java version 7 update 10 contained weaknesses that could allow a malicious attacker to run code on a machine that had Java installed and enabled in web browsers on that system. What made this notification unique is that the DHS was encouraging users to disable or uninstall Java altogether, whereas in past security bulletins they generally gave feedback on how to steer clear of threats to US computer systems.
Outsourcing has been growing in popularity. It represents an opportunity for companies to expand, as needed, while cutting the costs associated with new technologies and services. Recent studies conducted by Computer Economics, Inc. showed outsourcing made up only 4 percent of IT costs in 2008. By 2009 this percentage increased to more than 6 percent. By 2011, outsourcing IT services made up more than 10 percent of the total IT expenditures, and this trend has only continued in 2012.
This means that choosing the right outsourced IT provider is now more important than ever. There is a lot at stake in terms of business continuity, company productivity, growth of revenue, and company expansion.
Part of choosing an outsourced IT provider is knowing what mistakes to avoid. Investing the time at the beginning means fewer headaches over the long term and minimizing the potential for unexpected costs as a result of making the wrong decision.
Quality network security is an essential part of the operations for your business and meeting data protection compliance and regulatory requirements. It sounds really simple to say you just want to “keep the criminals out” while keeping your business in productive mode. Unfortunately, with the increased demands for technology and information security, this can result in a significant time investment.
Network security is no longer about just deploying firewalls and an antivirus program. Regardless of the size of your business, the latest threats are very advanced. This is why many companies are opting to use enterprise-class network security protection services to increase protection while saving time and money.
If you have never used this type of service for your company or small business, here is an overview of the core levels of protection that a network security protection service can provide.
The events of September 11, 2001 changed a lot of things including the manner in which businesses assess risk and devise plans to deliver critical services in the event of a disruption. Although catastrophic events have a minimal probability, the businesses that plan carefully for business continuity are the ones that stand the best chance of continuing their services in the event of a disaster.
It does not take a monumental catastrophe to disrupt daily operations of a business. Sometimes it can be something as simple as a power outage or intermediate interruptions that result from a storm or an attack instigated by cyber criminals.
Having a business continuity plan in place means arranging to continue to deliver services which are the most critical to business operations and identifying the resources which are needed to support business continuity. In order for a business continuity plan to be effective there are key critical components that must be present during the planning process.
Network Security in today’s high tech environment is now more important than ever. Hackers and cyber criminals have gotten very sophisticated in the methods they use to carry out exploits. For many companies this means added layers of security and infrastructures which create a network with many different facets.
In today’s economy many businesses do not have the resources which are required to implement the necessary equipment and employ staff with the skills to maintain network security. This represents a very real challenge for companies in terms of data security, business continuity and productivity. This is where network protection services can be invaluable when it comes to protecting company assets.