By Zach Aysan Venn | April 21, 2014

What businesses can learn from Heartbleed

Much has been written about Heartbleed and the speed at which various companies have reacted to it. Notably, the Canada Revenue Agency (CRA) closed their online portal for some time and lost hundreds of Social Insurance Numbers. It was also revealed that the NSA has been using the bug for over two years to get (no longer) encrypted traffic.
The problem Heartbleed exposed is not unique. Much of what powers the Internet has bugs that allow an attacker access to your private information—we just don’t know what those bugs are yet—and we will always exist in this state.
Computer security is not like physical security. Adding extra layers doesn’t necessarily help, and no matter what you do, if someone has physical access to the machine it must be treated as compromised. The Snowden revelations show that there is no denying it anymore—we live in a world where very sensitive information cannot be trusted to computers that are attached to the Internet.
This has massive policy implications for all classes of professionals and businesses. In 20 years I would not be surprised if a lawyer or a therapist could be disbarred for keeping confidential client notes on a computer with Internet access. But for now, heed the following:

  1. Treat everything you store or say online or on your computer as shared with at least the intelligence agencies around the world. Be sure that the communications over email do not give away design, trade secrets or confidential information.
  2. Have a plan ready if a data leak occurs. You will need to block access to your systems until people reset their passwords, and you will need to act fast to make sure that if a leak does occur your clients are protected quickly.
  3. Store highly sensitive documents encrypted and offline.

Balancing convenience and privacy has always been a trade-off, but we are now in a much more binary era—100 percent convenience or 100 percent privacy—your choice.
Regarding the CRA shutdown of online services, the due date for filing of individual tax returns and for payment of amounts owing has been extended from April 30 to May 5, 2014, due to the Heartbleed bug. The extension of the payment due date to May 5th also applies to self-employed individuals who have until June 15th to file their returns. This means individual tax returns for 2013 filed by May 5, 2014 will not incur interest or penalties.

Zach Aysan Venn
Partner at Venn
Canadian data scientist and writer on cybersecurity.