Major New Cyber-Security Issues Require Your Attention
From Schwabe's Privacy and Data Security Practice Group
If you or your company is using Windows XP, strongly consider upgrading your system and do not use Windows XP for attorney-client communications. On Tuesday, Microsoft ended support for Windows XP, and the risk of security vulnerabilities will increase with the passage of time. Many articles have been written on the subject. For more information, consider this recent article from CNN: http://money.cnn.com/2014/04/08/technology/security/windows-xp/index.html?hpt:hp_t2.
Accordingly, Schwabe's Privacy and Data Security Group recommends against using a Windows XP system for any sensitive or confidential communications.
The "Heartbleed" Bug
On April 8, 2014, a previously unknown and serious security vulnerability in OpenSSL was announced. OpenSSL is an encryption protocol that protects the confidentiality of about two-thirds of the data transmitted over the Internet. The company that uncovered the vulnerability advises that the bug, since named "Heartbleed," allows anyone on the Internet to penetrate systems protected by a common version of OpenSSL, exposing Internet communications, encrypted data, and passwords, and potentially allowing the impersonation of users. This vulnerability is reported to have been present in the OpenSSL protocol for two years.
If you or your company utilizes OpenSSL, then you should strongly consider obtaining a patch as soon as possible and, after its installation, advising users and customers to change their username and passwords. If you conduct business over the Internet, consider contacting your trading partners to determine if they have taken steps to secure their transmissions and data from the Heartbleed bug.
Privacy and information security are the emerging compliance issues for U.S. business in the 21st century. Schwabe, Williamson & Wyatt, a Northwest regional law firm, is at the forefront in guiding businesses through privacy and data security issues.