Have your business systems helped you deal with the latest security threat?
Well, the Heartbleed bug is all over the news. I hate to even add to the noise, but it brings up an important point about systems and processes and maintaining them. We each have to do what we can to keep our information safe and secure.
There are many ways to maintain your own internal systems and processes. Some people keep documents, some use Evernote, OneNote, or other software to maintain their internal documents. Each of us must find the tool that is most comfortable for us, so that we actually use it! I have all three. I maintain system and process or process and procedure documents for each of my clients including myself. Based on client preference, they are in the tool that works for them.
Regardless of where they end up… I start in a Word document. I maintain a master Word document with sections so that I have a basic template each time I create a new process and procedure document for a client.
Heartbleed and my business systems…
This week, I had to add a new process to my documents. How I handle it with each client will vary, but I had to structure my own around passwords and security measures. While I had a general little blurb in my process and procedures about how I handle passwords and the tools I use to track them… I had nothing about how to change them in the event of a breach like Heartbleed. And, the process for making changes is very dependent on this bug and the way the sites I use update their security on their own servers. This means I needed to draft something new.
As I dealt with my own passwords, I followed a pretty simple system.
- I created a list of the sites and passwords I needed to review and change. This was easy. I took a screen shot of my password system and created a quick table in my process document with each site URL and username.
- I tested the URL of the site I used at https://lastpass.com/heartbleed/ to see if it was a password I needed to change. Mashable and CNET also have testers, I just chose to use lastpass.com
- My process had three sections:
- Sites that aren’t affected and need nothing done. (It’s still a good idea to change passwords, though, so I may do this when the critical tasks are handled.)
- Sites that are affected and made the corrections, so I can change my password.
- Sites that have not yet secured their servers (where I have to check back).
- Sites I no longer use or access and need to close my account. (Why not do a little housekeeping while I am in here, right?)
- I then changed passwords where I could and added a day each week for the next month to test the other sites until I could get all my passwords changed. I will revisit that timeline at the end of the month, once I see which sites are slow to make their corrections.
Once I had my process complete, I began working as time allowed to tackle the project.
I now had a process to follow that was documented and tested, and could be rolled out to my clients.
Ultimately, the dependable system I used and the process I created could be tailored to each client and implemented as needed. Having my own strong systems in place provides a solid foundation for the work I do with clients, and allows me to quickly and effectively roll things out for them and handle issues as they arise.
Have you created your system for handling this whole Heartbleed mess? I would love to hear your comments! Feel free to share below.