About this iReport
  • Not verified by CNN

  • Posted April 10, 2014 by jackschoen
  • Location: Annapolis, Maryland
  • This iReport is part of an assignment: Tech talk

    Baltimore Area IT Security Expert Chris Finegan Issues Tips On Mitigating Heartbleed Related Risks

     

    News about the serious Heartbleed vulnerability, which may have led to the exposure of the login names and passwords you use to access Web sites and other online services, has been spreading across online and traditional media.

     

    We got on the phone with Chris Finegan, the Vice President of FullScope IT Inc., a managed IT service provider in the Baltimore, Maryland area, to get his thoughts and recommendations.

     

    Chris explained, “Our remote management system is not based on the OpenSSL software at issue, so the encrypted connections that we use to maintain and access our clients’ computers were never vulnerable. That's especially important to our numerous medical and financial clients with HIPAA, SEC, and FINRA compliance requirements.

     

    We only had one offsite backup server that was affected, and we had that patched within hours of the vulnerability being published.  Backups sent to that server are also separately encrypted and password protected, meaning the integrity and contents of our clients’ backups were never at risk.

     

    Because of the unique severity of this bug, we felt that it was our duty to provide some advice on what people could do to protect their sensitive personal information.  So we are providing suggestions to our clients directly through email and to our community through our blog and social media.”

     

    Finegan went on to say, “If your readers are using an outsourced IT provider and have not been contacted by them yet, I strongly suggest they reach out to that provider and ask to what extent their business data may have been compromised by Heartbleed and what risk mitigation steps their provider has taken.”

     

    Below are some tips we found on FullScope IT’s Facebook page.

     

    What You Should Do

    1. Immediately change your passwords on all of the web sites that you frequent.  At the top of this list should be your email accounts, financial institutions, and medical portals.  This will provide a measure of protection in the short term.

    2. Repeat this password change in two weeks, and use all new passwords. Due to the nature of the Heartbleed bug, many sites are still vulnerable and may not be patched for some time.  This second round of password changes will help to ensure longer-term protection.

    3. Do not use the same password on multiple web sites.  We recommend using unique randomly-generated passwords created and stored in a password manager.  We also recommend changing passwords every 3-6 months as a matter of routine precaution.

    4. If you receive a password reset request via email, do not click on any links in that email.  Open a web browser and go directly to the website, then log in and change your password.  Unscrupulous organizations will take advantage of the confusion around Heartbleed to mount attacks aimed at stealing your new credentials.

    Heartbleed is perhaps the most serious and far-reaching security incident to occur since the widespread adoption of the Internet.  The steps above will take time, but they are critical to maintaining your privacy and protecting your personal data.

     

    To contact Chris Finegan, or to learn more about FullScope IT, visit their website at www.FullScopeIT.com.
