Lessons From Heartbleed – How to Stop Security Breaches in your Company

In April 2014, the Heartbleed bug compromised huge swathes of the internet – including Facebook, Tumblr and Yahoo Mail. Millions changed their passwords in order not to lose secure information and data. It was a wake up call to many of us – we are very comfortable with the convenience of having our lives stored up online, but the systems in place are still extremely vulnerable.

The same must be considered when running a company. Documents filled with sensitive information, both physical and digital, start piling up from a company’s inception. In the rush of work and endless hours dedicated to getting a company up and moving, a system in place to protect your information is an essential part of ensuring your longevity.

Startups must learn these lessons from larger companies whose reputations have been compromised by security issues. The NHS – the fourth biggest employer in the world, has great difficulties handling the vast amount of information that must be administrated every day, which led to the shocking revelation that the NHS lost 1.8 million records in a year – including incidents of records being thrown into bins, and computers filled with unbacked data being recycled.

Barclay’s Bank admitted to losing the very sensitive bank account information of over 2,000 customers in early 2014 thanks to a lost memory stick. The data were then sold on, compromising the security of a further 25,000 customers and tarnishing the reputation of the bank.

Security costs money, and many SMEs and startups are reluctant to spend big on protection. But a security breach can cost a company a significant amount, lose them clients, and even lead to a company’s downfall. If you calculate the cost of a potential loss of data or documents, an investment in security will be a wise one.

Here are some tips on how to avoid security downfalls:

Get a System in Place

Take some time out to put in a secure system that is reviewed and updated regularly – make sure you have rotating passwords, complete virus protection, high quality cyber security systems, a secure file to secure sensitive logins and a thorough check of email security (where so much sensitive correspondence is stored and could be very easily compromised).

Phone Security

A weak point in security which is often ignored is mobile devices – these are easily lost and stolen, and also hold tonnes of data. Make sure phones used in your company securely protected with strong passwords – the iPhone 5 with its fingerprint scanner technology is an ideal phone for a security conscious business.

Strong passwords

Use a different password for every platform you use – this doesn’t have to be as hard as it sounds. A good way to make a strong password you will remember is taking the first letter from each word of a well known phrase, so “to be or not to be” would be “tbontb”, add a significant date, such as your siblings birth year (“tbontb1981”) then add a reference to the password for each service – “tbontb1981email”, “tbontb1981fb”. Now you have a set of strong, unique passwords that are easy to remember!

Store your physical documents off site

Tackling cyber security is key, but a focus on this means that physical records often get forgotten – this led to the terrible incidents in the NHS where medical records ended up in a skip. Tax records, financial records of both your company and your clients, pay slips, business strategies, expenses – all of this is sensitive information that should be stored. For extra peace of mind and to save space, store this off site. If a document is no longer needed, but still holds sensitive information, shred it. This post highlights why shredding is essential to your companies’ security.