After Heartbleed: Five simple steps for more security
The Heartbleed bug is causing a furor within the tech community. The ongoing global debate about internet surveillance by intelligence agencies is (finally) making companies think harder about securing their business secrets. Cyber attacks are increasing, criminals are out to get your credit card data, and passwords are routinely stolen from large online services. What are some very simple things you can do now, today, to make your online work just a little bit safer? Here are five really basic things that require little effort but already go a long way.
1. Change your passwords now
Mashable has a nice rundown of whether popular services are affected by the bleeding heart OpenSSL bug. Now is a good time to change your passwords for most of the services you use daily. Pick a password that is easy to remember but logical only to you, and use a different one for each service. Most importantly, change them on these compromised sites after they have fixed the bug. Keep an eye on the news to see what these companies are announcing.
In general, regular password changes reduce the risk of security problems, especially in cases where large numbers of passwords are stolen. If you change yours, the stolen one is obviously no longer helpful to the criminal.
2. Switch to HTTPS
There is a neat plugin by the EFF called HTTPS-Everywhere, available for most popular browsers, which forces HTTPS connections while browsing. A lot of services do have HTTPS alternatives, but don't offer them by default. Even though a lot of companies are finally upgrading their services or even offering perfect forward secrecy, many sites still do not.
Most browsers show a little lock in the address bar to indicate whether the current site is served over an HTTPS connection, and a click usually shows the certificate.
Whether offline (e.g. a NAS-powered storage solution) or online (an encrypted cloud storage or space on your own infrastructure), back up your data regularly. Especially in a hosting environment, it is often fairly easy to set up redundancies, automated backups or mirrored hard drives. Prepare yourself for the worst, because you do not want to learn this lesson the painful way.
At LingoHub we mix automated and manual backups of both our own system files and the customer data. Offline backups can also be automated.
4. Change your habits
Old habits die hard. One particularly dangerous habit is using the same password on many services. If one is compromised, in theory they all are. You should also not save passwords anywhere online where they might fall prey to hackers. The other habit is conducting sensitive business in public environments. Communicating about sensitive business, or using home banking software, from within public WiFi hot spots, for example, is very ill-advised. Do know that "free WiFi" in particular is rarely free: it comes at the price of privacy.
5. Check if you are affected by Heartbleed
Even with all precautions taken, it still makes sense to run tests on your infrastructure. This applies to both your work equipment and your servers. There are a number of tools out there that run low-level checks against your website to see whether it responds as expected or whether it is vulnerable, e.g. to the Heartbleed bug. Please note that not all free tools out there are perfectly reliable; they are only an aid.
To check whether your websites and applications are affected, you can use a tool like ssllabs.com. LingoHub is not affected by the Heartbleed bug, so you can localize safely without the NSA's prying eyes. Click here to check our stellar security rating.
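As a local complement to remote scanners for step 5, here is an added example (not part of the original post) that classifies the output of `openssl version -a` on your own machines. The affected range (1.0.1 through 1.0.1f, 1.0.2-beta and 1.0.2-beta1) and the 1.0.1g fix date are taken from the upstream OpenSSL advisory rather than from this article, and the sample outputs are constructed.

```python
import re
import subprocess

# Assumption (upstream OpenSSL advisory, not this article): 1.0.1 through 1.0.1f
# and 1.0.2-beta/-beta1 are affected; 1.0.1g, released 2014-04-07, is fixed.
FIX_DATE = (2014, 4, 7)
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def classify(text):
    """Classify the output of `openssl version -a`."""
    m = re.search(r"OpenSSL (\d+\.\d+\.\d+)([a-z]*)(-beta\d*)?", text)
    if not m:
        return "unknown"
    base, letter, beta = m.groups()
    in_range = (base == "1.0.1" and letter < "g") or (
        base == "1.0.2" and beta in ("-beta", "-beta1"))
    if not in_range:
        return "not affected"
    # Builds compiled with this flag contain no heartbeat code at all.
    if "-DOPENSSL_NO_HEARTBEATS" in text:
        return "heartbeat disabled"
    # Distributions backported the fix without changing the version letter,
    # so a build dated on or after the fix needs the vendor advisory.
    b = re.search(r"built on:\s*\w{3}\s+(\w{3})\s+(\d{1,2})\s+[\d:]+\s+\w+\s+(\d{4})", text)
    if b and b.group(1) in MONTHS:
        built = (int(b.group(3)), MONTHS.index(b.group(1)) + 1, int(b.group(2)))
        if built >= FIX_DATE:
            return "check vendor advisory"
    return "vulnerable"

# Constructed sample outputs, not taken from real hosts.
OLD_BUILD = """OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Feb 11 16:20:00 UTC 2013
compiler: gcc -DOPENSSL_THREADS -O2"""
REBUILT = """OpenSSL 1.0.1e 11 Feb 2013
built on: Tue Apr  8 09:12:44 UTC 2014
compiler: gcc -DOPENSSL_THREADS -O2"""
NO_HEARTBEAT = """OpenSSL 1.0.1f 6 Jan 2014
built on: Wed Jan  8 10:00:00 UTC 2014
compiler: gcc -DOPENSSL_THREADS -DOPENSSL_NO_HEARTBEATS -O2"""

if __name__ == "__main__":
    for name, sample in [("old", OLD_BUILD), ("rebuilt", REBUILT),
                         ("no-hb", NO_HEARTBEAT)]:
        print(name, "->", classify(sample))
    try:
        out = subprocess.run(["openssl", "version", "-a"],
                             capture_output=True, text=True).stdout
        print("this host ->", classify(out))
    except FileNotFoundError:
        print("openssl binary not found")
```

The `openssl` binary on the PATH may differ from the library a web server or application actually links against, so treat the result as a starting point alongside a remote scan.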