Security breaches and systems failures seem to be events that we rapidly forget. In the last four months we have had a major credit card theft from a major department store and exposed a significant hole in OpenSSL that has been there for a very long time.
Service providers have been quick to respond to these intrusions and possible open holes, including those who were exploited as well as those who had potential. I was personally relieved when my online banking service notified me that all was now well, and encouraged me to change my password.
What I’m afraid of is that we are going to have a big sigh of relief, and not put in the due diligence to make sure our systems are really secure. You may say to yourself, “I don’t keep credit card number in my persisted data so there is nothing further I need to do.” Do you keep a full name, social security number and a birthdate? With these three pieces of information a line of credit can be opened.
Are you comfortable with the efforts that have just completed, or are they simply the tip of the iceberg?
Do you think I’m being too hard? Share your thoughts here online, or just drop an email to btaylor@sswug.org.
Cheers,
Ben