Apr 11, 2014
Earlier this week, the Internet was hit with the Heartbleed bug, which poses a serious threat to massive amounts of private information and data. No customer data stored in SpringAhead Time & Expense is vulnerable. We’d like to take a moment to help you understand the potential gravity of the Heartbleed bug, how SpringAhead Time & Expense protected your data, and what you personally can do to prevent compromised data in the future.
What is Heartbleed?
Heartbleed is a security flaw in OpenSSL’s implementation of the heartbeat extension (RFC 6520) for the TLS and DTLS transport layer security protocols. The bug has caused memory contents to leak from the server to the client and from the client to the server. While bugs in software are often fixed by new versions, Heartbleed has proven to be a “super bug” of sorts, leaving extensive amounts of private information vulnerable and exposed online. This extensive exposure, combined with untraceable attacks, makes for easy exploitation.
Your SpringAhead Time & Expense Customer Data is 100% Secure
On learning of the general issue, the SpringAhead Development Team performed an exhaustive assessment of potential exposure and concluded that all user data is secure. Here’s why:
Our public servers are safe. The load balancer we use does not contain or use the affected OpenSSL component, and passes Heartbleed vulnerability testing without issue.
Our private servers are secure. All of our private servers operate within a Virtual Private Cloud (VPC) and are not accessible directly from the Internet. One Amazon Linux-based system within our VPC, which we use for coordination, is being patched, but hosts neither customer data nor sensitive access keys. Even if it were sitting on the internet for all to see, it would not compromise customer data.
No third-party services experienced exposure. We have been in direct contact with all of our third-party services, and all have confirmed their systems were never vulnerable to Heartbleed.
How to Remain Protected Moving Forward
Stay out of accounts from affected sites until the company has patched the problem. Most major companies should release announcements regarding the status of their security. If they have not, SpringAhead recommends that you contact the company to verify the safety of your data.
Change your passwords ONLY on officially patched sites. Start with personal financial login information, then email accounts, then software solutions that affect business and professional matters. After all critical accounts have updated passwords, then begin updating the rest of your personal and business accounts.
REMEMBER: In order to truly remain safe, you should diversify your passwords and never use the same password for all critical accounts. If you have used a password for your SpringAhead Time & Expense account that is shared across several different online accounts, we recommend you change your SpringAhead password to be safe.
Routinely check your financial statements. Manually scan your credit card statements, both personal and business, for any suspicious charges over the next few months. If you see a charge you do not recognize, contact your bank immediately to report it.
The unyielding protection of your information remains our highest priority here at SpringAhead, and this commitment has proven critical in moments of vulnerability such as this. If you have any additional questions, please leave them in the comments below and we’ll reply as soon as possible!
Category: Company News, SaaS
Tags: hearbleed, heartbleed bug, SaaS, Security, software
Jan 10, 2012
Each year, we all make resolutions to better ourselves. For SpringAhead, part of our New Year’s resolution is to provide the best data security and data encryption with QuickBooks. Essentially, your security settings will be updated to the newest industry standard.
To accomplish this, the new release requires a new certificate to be created in all desktop versions of QuickBooks and QuickBooks Online accounts. This change only takes a moment and provides numerous benefits.
Remember: To create a new certificate in QuickBooks, make sure you’re logged in as the administrator or do the update with your QuickBooks administrator.
Here are a few answers to questions you may have:
How strong is the new encryption?
The new certificate you will be installing is 2048-bit SSL encryption, which is the best-of-breed encryption available.
Do I need to do anything?
Only if you are using a desktop version of QuickBooks or QuickBooks Online. Videos and guides for the respective editions are posted below.
What do I need to do?
Simply open SpringConnect on your computer and you should be prompted for a new version. Once updated, click Synchronize. You will also need to have your administrator present to create the new certificate. If you’re having any issues installing the update, the direct link for SpringConnect is www.getspringconnect.com.
Let’s get updated! Videos and Documentation:
Whom should I contact if I need help?
SpringAhead’s team is here to help! Feel free to shoot us an email at email@example.com or give us a call at 888-874-1118, ext. 2. If you’d like help with the certificate update, please ensure you have administrator rights or have your administrator present.
Can I wait?
Your existing certificate will remain valid through February 1st. After that date, if you use QuickBooks Online, you will need the new certificate before you can transfer data between QBOE and SpringAhead.