A Password Isn’t Enough: Security Measures for the Post-Heartbleed Era

The Heartbleed bug that shook the tech world has thrust small businesses into a new era of uncertainty. No longer can leaders afford to take the security of their data for granted. Nearly everything we do has a digital component, and even the slightest weakness in your business’ defenses can be exploited. For any small business, the results of a cyberattack are potentially catastrophic.


But for all the media frenzy around Heartbleed, ignorance is still a tremendous liability. The panic has fueled a storm of misconceptions about technological vulnerability, none of which help protect against security breaches.

There’s no denying that every small business is at risk. In fact, as big companies tighten their security efforts in the wake of the Target breach, hackers are targeting smaller businesses because their defenses are often less sophisticated.

The only way to protect your business is to prepare for the worst-case scenario and focus on the security of the following areas:

Internet-Based Technology

The Internet is the spinal cord of modern business. At any given moment, a staggering amount of sensitive data is being transmitted via Internet-based technology such as email, file sharing, and web conferencing.

The misconception: A strong password is your best safeguard against breaches in web services.

The reality: Even if you have a strong password, you need more than that to protect your data. It’s vital to establish multiple layers of access with many different checkpoints.


Long-term security strategies:

  • Implement a two-step authentication policy for your entire company. This ensures a password alone is insufficient to log in to web services.
  • Utilize your ISP’s tools to detect unusual behavior on your network. Set up alerts so you’ll know immediately when a user logs on from an unexpected location or downloads large amounts of data.
  • Operating systems offer built-in file encryption services. Using these makes it that much harder for an unauthorized user to gain access to sensitive files.
  • Set up more than one Internet connection in your office via multiple providers. When one crashes, you won’t have to shut down your entire operation.
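The two alert conditions named above (a logon from an unexpected location, and a large volume of downloaded data) can be sketched as a small rule run over access events. This is an added example, not part of the original article; the event fields, the per-user country baseline, and the download limit are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events (not real logs): user, action, country, bytes.
EVENTS = [
    {"user": "alice", "action": "login", "country": "US", "bytes": 0},
    {"user": "alice", "action": "download", "country": "US", "bytes": 40_000_000},
    {"user": "bob", "action": "login", "country": "US", "bytes": 0},
    {"user": "alice", "action": "login", "country": "RO", "bytes": 0},
    {"user": "alice", "action": "download", "country": "RO", "bytes": 900_000_000},
    {"user": "bob", "action": "download", "country": "US", "bytes": 300_000_000},
    {"user": "bob", "action": "download", "country": "US", "bytes": 300_000_000},
]

# Assumed baseline: countries each user normally logs in from.
EXPECTED_COUNTRIES = {"alice": {"US"}, "bob": {"US", "CA"}}
# Assumed per-user download budget for the window covered by the events.
DOWNLOAD_LIMIT_BYTES = 500_000_000


def find_alerts(events, expected, limit):
    """Return (user, reason) alerts in the order they trigger."""
    alerts = []
    downloaded = defaultdict(int)
    over_limit = set()
    for ev in events:
        user = ev["user"]
        if ev["action"] == "login":
            # Unknown users have an empty baseline, so any login alerts.
            if ev["country"] not in expected.get(user, set()):
                alerts.append((user, f"login from unexpected location {ev['country']}"))
        elif ev["action"] == "download":
            downloaded[user] += ev["bytes"]
            # Alert once, when the running total first crosses the limit.
            if downloaded[user] > limit and user not in over_limit:
                over_limit.add(user)
                alerts.append((user, f"downloaded {downloaded[user]} bytes, limit {limit}"))
    return alerts


if __name__ == "__main__":
    for user, reason in find_alerts(EVENTS, EXPECTED_COUNTRIES, DOWNLOAD_LIMIT_BYTES):
        print(f"ALERT {user}: {reason}")
```

Tracking a running total per user is what catches bob here: neither of his downloads exceeds the limit alone, but together they do.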

Mobile Technology

As more companies adopt “bring your own device” policies, mobile data is becoming more vulnerable than ever.

The misconception: Endpoint authentication will keep your data safe.

The reality: BYOD exposes a company to a complex range of threats that stem from unlicensed software, unsecured connections, and malware. And when a device is lost or stolen, data can be compromised in an instant.

Long-term security strategies:

  • Extensive employee education can minimize the risk of human error. Teach your team how to avoid unsecured connections and apps with hidden malware.
  • Every employee device should be password-protected and have security software installed.
  • Establish a protocol for lost and stolen devices. Lookout and Prey both allow you to locate, lock, and wipe a device remotely.
  • Be prepared for mobile technology to crash. For example, if you’re using Square as a sales platform, you need a contingency plan that will allow you to continue to make sales even if Square goes down. Always have a Plan B.

Cloud-Based Technology

Initially, concerns about data security were a major hurdle to the adoption of cloud-based technology. Heartbleed brought these fears back into harsh light.


The misconception: Data stored on your own servers is more secure than it would be in the cloud.

The reality: Business-class cloud services offer top-shelf security features, such as two-step authentication, pattern recognition for detecting suspicious activity, and multi-redundant backup. Often, entrusting your data to professionals is safer than storing it on your own servers.

Long-term security strategies:

  • When choosing a cloud service provider, do extensive research. Ask questions about security measures (e.g., anti-malware, software patching, redundant power), reliability (e.g., backup standards, performance history, protocol for service outages), and jurisdiction (e.g., government access to your server data).
  • Encrypt sensitive information before uploading it.
  • Manage privileges. Determine who can access what information and services. Set up notifications for changes to permissions and files.

Even with the best defenses in place, your IT department can only do so much when it comes to data protection. Security efforts are only effective when the entire company feels a sense of ownership and responsibility for keeping information out of hackers’ hands.

Wherever you have digital data, regardless of how inconsequential it may seem, you must also have a resilient password strategy, regular third-party audits and stress tests, employee education and engagement, and proactive risk management.

As new and increasingly sophisticated threats emerge, it’s safe to assume that your business is a target. Plan accordingly. The more involved you are in data security, the less susceptible your company will be to a cyber disaster.


Ioannis Verdelis is the co-founder and COO of Fleksy, a revolutionary keyboard that makes typing on a touchscreen so easy you can type without even looking. Ioannis is a member of many entrepreneurial organizations, including the Young Entrepreneur Council, Empact Sphere, Startup America, and more. Connect with him on Twitter.