What Apple's security flaw can teach your business

By: IT Donut contributor

Date: 16 June 2014

What Apple’s security flaw can teach your business/Apple Security{{}}The Heartbleed security flaw — discovered in April — affected more than 60% of web servers. As a result, some experts considered it to be the most dangerous security flaw on the web.

However, it’s not the first big security issue in history. And it certainly won’t be the last.

For instance, Apple endured a similar situation earlier this year. Its ‘goto fail’ bug exploited a vulnerability similar to Heartbleed, but Apple handled it well enough that it didn’t achieve the same level of news coverage.

So, what can your business learn from Apple’s goto fail debacle?

1. Accept that software flaws occur

Quite simply, flawless software is a myth. Writing computer code is difficult and modern software is complex. The greater the complexity, the greater the risk of security flaws.

Although goto fail was the result of sloppy code in Apple’s operating system, Heartbleed’s vulnerability runs deeper. Either way, these breaches demonstrate that even tech giants with a lot to lose can’t make their software invulnerable.

2. Constantly monitor your software

Once you’ve accepted the risk, be more vigilant about the software you use.

The code behind Apple’s operating system framework is reviewed more often than iTunes updates its terms and conditions. Yet the flaw existed for 18 months before it was revealed. Heartbleed went undetected for two years.

Unless you want your security flaws to be discovered by a rival — or worse — stay vigilant.

3. Lock down your data and be paranoid

Be careful what you download, what you click, and what access you grant applications and websites. You become a target whenever you share private or financial information.

Pay attention to the cloud services you use, the software developers you work with, and everyone else involved in your technology. You should be in control of what they can and can’t see.

Use two-step verification where possible, encrypt data and closely monitor the security of websites you use. Most importantly: question every inconsistency.

4. Use credit monitoring

Identity thieves are known for using basic consumer data (name and address history) to open financial accounts in another person’s name. It can happen to businesses, too.

Run credit reports and regularly check the registered details of your company to catch misuse of your information.

5. Consistently check for updates

In 2011, Sony missed a software update. Within a month, customer data was leaked online. It damaged the company’s reputation and cost a lot of time and money to fix.

When Apple corrected its software flaw, it immediately released an update. But you have to actually install it to fix the problem in your business.

Every operating system and most other software can automatically check for updates regularly. Make sure yours does.

6. Act immediately 

Apple admitted its flaw and immediately implemented a fix. Yet when US retailer Target suffered a major breach in 2013, it kept things quiet and attempted to fix the issue behind the scenes.

In the long run, Apple’s vulnerability was a slight inconvenience felt by very few. Target’s affected millions and cost the company more than $1bn.

The internet is like a medieval fortress. You’re only as safe as the walls around you. By running frequent security audits, properly training employees and extensively testing software, you’re building a solid castle to keep data safe.

Daniel Riedel is CEO of New Context.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.