Wired reports on a new vulnerability: POODLE. Though it may sound cute, it allows hackers to gain access to user accounts if they are on the same open Wi-Fi network. Talk about a bad dog.
POODLE (Padding Oracle on Downgraded Legacy Encryption) is a vulnerability in SSL version 3 (SSLv3), an older encryption protocol that some web clients still use. If a hacker is on the same Wi-Fi network as a user whose browser uses SSLv3, the hacker can steal the user's session cookies and use them to access the user's email or other web accounts without a password.
This vulnerability isn't as significant or wide-ranging as the Heartbleed or Bash vulnerabilities (see: "Shellshock Sure Understands the Halloween Spirit"). However, POODLE reminds us of the significant risks that come with open Wi-Fi, old software, and lax security protocol.
In this article, we'll go over...
- Who POODLE affects.
- When and how to alert customers over minor security vulnerabilities like POODLE.
- How to use a news story like POODLE as part of your marketing strategy.
What Are Your Responsibilities for a Minor Security Vulnerability?
IT security consultants face similar challenges to the boy who cried wolf. If you're always alerting clients about security flaws that won't really affect them, they'll tune you out. In addressing the POODLE vulnerability, focus on which clients, if any, this will affect.
Because POODLE exposes data on shared networks, it affects…
- Small businesses / independent contractors that work from Starbucks or other coffee shops.
- Businesses that use Internet Explorer 6, which still relies on SSLv3.
- BYOD workplaces, where an employee might use their work laptop on an unsecured Wi-Fi network outside of the office.
- System or network administrators who need to be concerned about how their customers connect to the business's website (i.e., whether they're coming from open Wi-Fi and using an SSLv3 client).
If any of your clients fit these descriptions, send them a note about avoiding open Wi-Fi and other ways they can limit their risk exposure to POODLE.
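For the administrators in the last bullet, one way to see which visitors still negotiate SSLv3 is to tally the protocol recorded in the web server's access log. The Python sketch below is an added example, not part of the original article; it assumes an nginx access log whose format appends the `$ssl_protocol` variable, and the log layout, function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed nginx log_format (an assumption, not from the article):
#   '$remote_addr - - [$time_local] "$request" $status $ssl_protocol "$http_user_agent"'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<proto>\S+) "(?P<agent>[^"]*)"$'
)

# Constructed sample lines; the addresses come from documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Oct/2014:09:12:01 +0000] "GET /login HTTP/1.1" 200 TLSv1.2 "Mozilla/5.0 (Windows NT 6.1) Chrome/38.0"
198.51.100.7 - - [15/Oct/2014:09:12:04 +0000] "GET /login HTTP/1.1" 200 SSLv3 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.7 - - [15/Oct/2014:09:12:09 +0000] "POST /login HTTP/1.1" 302 SSLv3 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.25 - - [15/Oct/2014:09:13:30 +0000] "GET / HTTP/1.1" 200 TLSv1 "Mozilla/5.0 (X11; Linux) Firefox/32.0"
203.0.113.40 - - [15/Oct/2014:09:14:02 +0000] "GET / HTTP/1.1" 400 - "-"
this line is truncated and should be counted as unparsed
"""

def summarize(log_text):
    """Count requests per protocol and group SSLv3 requests by client IP."""
    by_proto = Counter()
    sslv3_clients = defaultdict(lambda: {"requests": 0, "agents": set()})
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1          # keep a count so gaps in coverage are visible
            continue
        by_proto[m["proto"]] += 1
        if m["proto"] == "SSLv3":
            client = sslv3_clients[m["ip"]]
            client["requests"] += 1
            client["agents"].add(m["agent"])
    return by_proto, dict(sslv3_clients), unparsed

def sslv3_share(by_proto):
    """Fraction of requests with a negotiated protocol that used SSLv3."""
    total = sum(n for proto, n in by_proto.items() if proto != "-")  # "-" = no TLS
    return by_proto["SSLv3"] / total if total else 0.0

if __name__ == "__main__":
    protos, clients, skipped = summarize(SAMPLE_LOG)
    print(dict(protos), f"SSLv3 share: {sslv3_share(protos):.0%}", f"unparsed: {skipped}")
    for ip, info in clients.items():
        print(ip, info["requests"], sorted(info["agents"]))
```

The per-client list shows who would be cut off if SSLv3 were disabled on the server, which is the number a client will ask for before agreeing to the change.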
IT Consulting Sales Tips: Marketing with POODLE
Ready for an unexpected spin you can put on the POODLE vulnerability? Use it to upsell your clients on better network security.
A news story like the one about POODLE clearly demonstrates many of the problems that small businesses have with their IT security. Clients will see the real-world dangers of outdated security or using open Wi-Fi if you can show them how hackers can use it to gain access to email, bank accounts, and other supposedly secure web accounts.
In particular, you can use concerns about POODLE to…
- Sell software upgrades / overhauls. Use POODLE as an example to explain why old software (like SSLv3, IE 6, etc.) can have inherent vulnerabilities.
- Sell your network admin services. IT security requires active management and vigilance. It's not enough to have software in place. Someone needs to respond to new vulnerabilities.
- Sell office network expansions and alternatives to BYOD. Robust workplace networks are much stronger than BYOD workplaces. Sell clients on alternatives to BYOD that protect them from open Wi-Fi vulnerabilities.
For more IT sales tips, make sure to check out the post, "3 IT Sales Tips to Help You Avoid Becoming a Free Consultant."