As cyber criminals become more sophisticated, businesses and individuals must to be vigilant to protect their data assets online, the top information security official for an area defense contractor said.
Joseph Mahaffee, chief information security officer for Virginia-based Booz Allen Hamilton, visited the company’s Kettering office this week to meet with employees and discuss best practices for protecting data in the wake of the recent Heartbleed security bug.
Mahaffee will become the company’s chief administrative officer on July 1.
“Heartbleed itself really was an attempt on the part of the adversaries to undermine some of the basic security capabilities that a lot of people have learned to trust over time,” Mahaffee said.
The Heartbleed bug allows attackers to read sensitive data from web servers, potentially including cryptographic keys, user names and passwords. Many websites have since patched security flaws and prompted users to change their passwords, but the threat of such vulnerabilities remains.
Mahaffee said companies and individuals can protect themselves by creating strong, unique passwords that use numbers, case-sensitive letters and symbols. He also recommended using two-factor authentication, such as a password in conjunction with an electronic token for access. In addition, network patches and updates should be installed in a timely manner, he said.
“It is important that we as institutions continue to provide, at the corporate levels, the appropriate security mechanisms to protect the institution. But a lot of this ultimately still comes down to the end users in terms of how they’re interfacing with their systems and their devices,” Mahaffee said.
Headquartered in McLean, Va., Booz Allen employs about 23,000 people, including about 400 in Kettering.