Debt Collection & Technology Blog

Ontario Systems Blog


4 Reasons Why Heartbleed Might Actually Be Good for Internet Security

By: Rick Clark | April 22, 2014

Over the past week, the heartbleed bug has driven many to examine their web sites for potential data and encryption key exposure. It’s by far the most serious internet security vulnerability to date.

Explaining what the bug is, and how it works would take longer than we have here, but has a great rundown for those interested in learning the details. In short, heartbleed exploits the otherwise secure communications between client and server: When you log on to a website, your computer occasionally requests a “heartbeat” from the site’s computer you’re accessing to ensure it’s still there and working – kind of like how you know you’re still on hold and not disconnected when you hear muzak playing over your phone. But for computers, that heartbeat comes back in the form of a “magic word,” with a specified length. Your computer might ask a server to send back the 3-letter word “dog,” for example, to confirm the server is still working on a particular request. But what happens if your computer asks the server for the magic word “dog,” but tells it “dog” is 10 letters instead of 3? Computers only do exactly what you tell them – and that’s where the trouble starts.

It turns out that if the most commonly used SSL security software on the internet – OpenSSL – were to ask a server for the magic word “dog,” but say that word is 64 letters instead of three, the server would send back not only the word, but data from its memory to fill in the extra space. That data might include anything from bank balances and account information, to usernames and passwords. As of a week ago, all a hacker had to do was gain access to your public IP address, and through OpenSSL gain access to a wealth of your data.

You can understand why the issue caused such a panic, but truth be told: the heartbleed bug might actually be a great learning experience for internet security professionals. Here’s why:

We’ve been forced to review our security protocols.
In the last week, concerned companies have had to deep-clean with their partners, vendors, and service providers to ensure there would be no problem for our customers. The bug gave us a good reason to touch base and reconfirm our commitment to our clients.

It was a great test of vulnerability management and incident response.
Prepare all you want, but you never know exactly how the market will respond in a crisis. Heartbleed challenged our ability to react in the face of a widespread crisis. We know now, for certain, that the strategies we have in place to defend against a large data breach are effective, and we can work together to bring those issues under control.

Unknown security weaknesses were brought to bear.
It’s great to know an effective system and network is in place to handle crises like heartbleed. But it’s even better knowing now, in a concrete, real-world way, how we can improve on that system in the next several months. “What doesn’t kill you makes you stronger” has never been a more apt proverb for data security in the bug’s wake.

New discussions are taking place to make networks even more secure.
The perception that open source software is secure “because other people look at it” no longer holds true. Heartbleed revealed a gap in our thinking: The reality is that open source projects are often low-funded, and open to vulnerabilities. We know now how big of a problem that really is.

If you haven’t already, talk to your leadership about the bug, and make sure you’ve done all you can to protect yourself, your company, and your customers.

- Know your inventory, and what software is installed on your systems.
- Establish rules for what is allowed and not allowed on your network.
- Consider enabling certificate revocation checks in your browser.
- Purchase scanning tools, and train staff on how to use them properly.
- Sign up for security alerts from vendors.

What other items would you add to the list?

If those items seem familiar, it’s because they’re not only important to protect against heartbleed – they’re common-sense internet security tools that you should have in place regardless of threat.

The information contained in this publication is provided solely for educational purposes. Neither Ontario Systems LLC nor the author offers any legal or other professional advice. Every effort has been made to make this content as accurate as possible at the time of publication. However, there may be typographical and/or content errors. Therefore, this publication should serve only as a general guide and not as the ultimate source of subject information. © 2014 Ontario Systems, LLC. All rights reserved. Information contained in this document is subject to change. Reproduction of this publication is not permitted without the express permission of Ontario Systems, LLC.
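The “dog is 64 letters” mismatch from the heartbleed post above, as an added example that is not part of the original post and is not OpenSSL's code: a heartbeat echo that trusts the claimed length next to one that checks it against the bytes that actually arrived, as RFC 6520 requires. The function names, the 64-byte `arena` standing in for server memory, and the neighbouring data are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* message type (1 byte) + claimed payload length (2 bytes) */
#define HB_PADDING 16  /* minimum padding RFC 6520 requires after the payload */

/* Constructed stand-in for server memory: the request, then unrelated data. */
static uint8_t arena[64];
static size_t  record_len;  /* bytes that really arrived in the request */

/* Store a request whose real payload is "dog" but which claims `claimed` bytes. */
size_t load_request(uint16_t claimed) {
    memset(arena, 0, sizeof arena);
    arena[0] = 1;                          /* heartbeat_request */
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + HB_HEADER, "dog", 3);
    record_len = HB_HEADER + 3 + HB_PADDING;
    memcpy(arena + record_len, "SECRET-SESSION-1", 16);  /* constructed neighbour */
    return record_len;
}

/* Pre-fix behaviour: echoes as many bytes as the request claims to contain. */
size_t echo_unchecked(uint8_t *out, size_t cap) {
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    if (claimed > cap || HB_HEADER + claimed > sizeof arena) return 0; /* demo stays in-bounds */
    memcpy(out, arena + HB_HEADER, claimed);
    return claimed;
}

/* Hardened: silently discard unless the record really holds header + payload + padding. */
size_t echo_checked(uint8_t *out, size_t cap) {
    if (record_len < HB_HEADER + HB_PADDING) return 0;
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    if (HB_HEADER + claimed + HB_PADDING > record_len) return 0;
    if (claimed > cap) return 0;
    memcpy(out, arena + HB_HEADER, claimed);
    return claimed;
}

int main(void) {
    uint8_t out[64];
    load_request(40);                       /* "dog", but claimed to be 40 bytes */
    size_t leaked = echo_unchecked(out, sizeof out);
    size_t safe = echo_checked(out, sizeof out);
    printf("unchecked echoed %zu bytes, checked echoed %zu\n", leaked, safe);
    return 0;
}
```

With the unchecked version, the bytes after the padding in the reply are the neighbouring data, which is why servers that ran an affected OpenSSL build needed keys and credentials rotated as well as a patch.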

Ask These 3 Questions to Identify Your Most-Innovative Partners

By: Guest Author - Derek Whitaker | April 9, 2014

Smart organizations are always on the lookout for innovative partners, for reasons beyond thought leadership – An innovative partner provides efficiency. That’s an advantage every executive should embrace. In 1989, Inc. Magazine interviewed Steve Jobs following his receipt of the publication’s “Entrepreneur of the Decade Award.” It’s a famous conversation, largely because of an inspiring quote from the late Apple CEO that’s been repeated ad nauseam in board rooms and MBA classrooms since:

The Self-Pay Conundrum: 4 Ways to Help Patients Zero Their Balance

By: Steve Scibetta | April 8, 2014

HSA accounts, the CFPB, and financial assistance options might offer a hand when it comes to helping self-pay patients cover their medical bills. But really, who plans for a heart attack or a cancer diagnosis?

#WWW25 – Looking Back on 25 Years of Connectivity

By: Michael Wolfe | April 2, 2014

Imagine what the world would look like now without email, file sharing, and YouTube. Tough, huh?

Why Successful Companies Disrupt Themselves

By: Melissa Norcross | March 25, 2014

Our industry frequently deals with people at transition points, going through changes that play out in their finances. That fact got me wondering: How likely is disruption for the average person?

3 Cost-Saving Secrets for Optimal Contact Management

By: Rip Harris | March 12, 2014

You spend a ton of money to contact consumers. A ton. And it seems lately you’re getting less and less from that spend as you dial manually more and more. What are some quick ways to save? In the good ol’ days you’d expect to generate 4,000 minutes of autodialing per agent per month. It was easy to amortize those hidden costs across that kind of call volume, and the connects you would get. Now it’s not so clear.

Private vs. Federal Student Loans: Know the Difference, Then Collect

By: Casey Stanley | March 5, 2014

It’s a tempting prospect: the student loan market now represents the second-largest debt pool in the U.S., second only to home mortgages. And despite a size surpassing $1 trillion, it shows no signs of slowed growth as sluggish economic recovery has contributed to a 13.7% compounded annual growth rate since 2004. It comes as little surprise that many collection agencies are rushing to get their feet wet, since even a small slice seems like it can yield a big return.

6 Critical Considerations for Profitable Dialer Scheduling

By: Terry Glidden | February 26, 2014

When it comes to efficient collections, the ‘when’ can be just as important as the ‘who’ – As in, when you call a list of contacts can have as much bearing on promises as who is on that list to begin with. That’s why most effective collection agencies spend a great deal of time formulating strategic dialing schedules – An intentional way of organizing call campaigns so collector time and dialing is focused on specific goals throughout the day. Specifically, you want agents to spend the majority of their time on your most profitable accounts.

The Top 4 TCPA Cell Phone Dialing Pitfalls, and How to Avoid Them

By: Rip Harris | February 25, 2014

Ontario Systems replaces its original February 20, 2014 blog entry entitled “The Top 4 TCPA Cell Phone Dialing Pitfalls, and How to Avoid Them” with the following entry for purposes of retraction of certain statements and clarification of comments related to the TCPA and preview-dialed calls. It almost goes without saying: Navigating TCPA compliance is a challenge for even the most astute TCPA follower. What about dialing cell phones in the wake of the vacated Nelson vs. Santander case remains risky?

Raise Patient Satisfaction/Medicare Reimbursement with These 4 Actions

By: Steve Scibetta | February 18, 2014

To improve patient care and reduce costs, the Patient Protection and Affordable Care Act (PPACA) has made Medicare reimbursement dependent on patient care quality – not simply the quality of services rendered. Called the Hospital Value-Based Purchasing Program (HVBP), it’s a measure that’s obviously created some challenges for healthcare executives. How, exactly, does the law define quality patient care?
