Are marketers responsible for Shellshock customer privacy breaches? [@SmartInsights alert]

By Dave Chaffey 29 Sep, 2014

New security vulnerability potentially “bigger than Heartbleed” - are you prepared?

Importance: [rating=3]

Recommended link: Register summary of security vulnerability

We wouldn’t typically report security vulnerabilities to our readers, since they are more relevant for an IT audience to act on. But after the Heartbleed security bug of April 2014, many mainstream news outlets are reporting this one, so you may well be asked what you’re doing about it to protect customer data!

Remember that Heartbleed was linked to personal data breaches at Community Health Systems, a US hospital group that manages more than 200 hospitals, Canada’s tax agency, UK parenting website Mumsnet and the developers of Call of Duty...

What is Shellshock?

Shellshock is a vulnerability in the ‘bash’ shell, which runs on different versions of UNIX/Linux. Since Apple OS X uses a derivative of this, developers using it could also be exposing a server containing customer records to a hijack attempt.

What is the risk?

Some are saying that the risk is higher than for Heartbleed. However, the vulnerability was only recently discovered, so no known exploits have occurred, and Apple and other Unix providers such as Red Hat have already readied patches.

The Register reports that the UK Information Commissioner’s Office, as the public custodian of personal data, has acted quickly and is advising users to apply any available updates to defend against Shellshock as soon as practically possible.

An ICO spokesperson said:

“This flaw could be allowing criminals to access personal data held on computers or other devices. For businesses, that should be ringing real alarm bells, because they have legal obligations to keep personal information secure.

The worst thing would be to think this issue sounds too complicated – businesses need to be aware of this flaw and need to be monitoring what they can do to address it. Ignoring the problem could leave them open to a serious data breach and ultimately, enforcement action.”

However, the availability of patches doesn’t mean that they have been applied, and the implication of the ICO advice is that “ignorance isn’t an excuse”. Businesses should be asking their developers and agencies to confirm that they are covered.