Heartbleed underscores need for data security and password policies

By Larry Velez, Sinu founder and CTO

By now, many websites have completed the patches necessary to fix the Heartbleed bug. On April 7, a serious flaw was discovered in the OpenSSL encryption code, leaving nearly half a million sites vulnerable to hackers looking for passwords, credit card information, and other personal data.

As the dust begins to settle, many questions remain about how to best protect our personal and business data from other future online security risks. Here at Sinu, we have always advised our customers to implement password and security policies. Here are a few of our short- and long-term recommendations to help protect your data:

1) Change all passwords you use across your business solutions as soon as you can. While this is inconvenient, it is by far the best step you can take to protect your privacy, data, and company from Heartbleed and other security vulnerabilities.

2) Get into the habit of changing these passwords at least once a year, ideally four times a year. Many companies and systems will begin requiring regular password changes, so you will want to get in the habit of doing that starting today.

3) Think about your password generation strategy. There are several options to generate secure passwords:

  • Use a sentence-like password that uses a combination of letters, numbers, and special characters.
  • Consider reducing the number of solutions you use and closing any accounts you have not used in the past year. This can be tedious at first, but can significantly reduce your risk profile.

4) Enable SSL and/or Two-Factor Authentication. Many services have an option to send you a text message in order to log in. This requires someone who might have your password to also have access to your mobile device. This option significantly improves security.

Sinu has worked with our enterprise technology partners to confirm that any vulnerability to the Heartbleed bug has been patched. Click here to see this report.

There is no single answer to protecting your data. It is a dynamic process that needs to be integrated into your organizational infrastructure. Here at Sinu, we strive to find a balance between convenience and security to make security and password policies easier to implement. If you have any questions about Heartbleed or need help with making these password and security changes, please contact your Sinu account manager or email our support team.