The news about Heartbleed, a bug that exposed sensitive user information via a coding error in the commonly used online security software OpenSSL, shook the technology world to its core last week. The New Yorker called it “as bad as a security flaw can be.” The New York Times described it as “a stark reminder that the Internet is still in its youth and vulnerable to all sorts of unseen dangers.” Cryptography expert Bruce Schneier said “catastrophic is the right word to describe Heartbleed…on a scale of 1 to 10, this is an 11.”
Why? Because Social Security numbers, passwords, logins, credit card information, and even the encryption keys supposedly keeping Internet activity safe could have been compromised. Because Heartbleed went undetected for nearly two years. Because Netcraft estimates that up to 500,000 sites could have been vulnerable. Because the bug can be exploited at any time, by anyone on the Internet, without leaving behind a single shred of evidence.
The problem was first identified two weeks ago by a team of Finnish security experts and Google researchers, and the findings made serious waves last week, with most experts urging users to immediately change all their passwords. But some outlets also warned users to proceed with caution and first check whether a site had been fixed. “If you change your password and the site hasn’t been patched, then you’re giving a hacker a new password,” said open-source security analyst Zulfikar Ramzan.
On April 10, Mashable reported that the following sites, which collectively account for nearly two billion users, may have been affected, had applied security patches, and were urging users to change passwords:
What Can You Do to Minimize the Impact of the Heartbleed Bug?
1) Change your passwords for all online portals—email accounts, online banking, and any other logins. Sounds obvious, but we’re serious: create new, strong, and secure passwords for any online portal, as there’s still no indication of the Heartbleed vulnerability’s scope. It only takes a minute and it will instantly improve your online security. Using a password management tool is crucial.
2) Check your business’s website, particularly if it relies on e-commerce. If, as many experts fear, the Heartbleed bug has been stealing data for the last two years, credit card info will probably be at the top of that list. Many online outlets purport to test for Heartbleed vulnerability, but working with a trusted IT provider is your best bet to ensure security, transparency, and proper implementation of fixes. All of CMIT Solutions’ websites were unaffected by Heartbleed, allowing us to concentrate on proactively solving any problems our clients may have with the bug.
3) Consider a remote monitoring and management service that keeps your systems safe and running. Keeping up with the avalanche of tech troubles in the news recently (CryptoLocker, data breaches, and now Heartbleed) is virtually impossible—especially when you’re trying to run a business. Rather than stressing over anti-virus updates, security fixes, and malware protection, shouldn’t you concentrate on your area of expertise: giving your customers the best service possible while increasing revenue?
CMIT Solutions can help. We take online issues like Heartbleed very seriously, and we’re committed to improving productivity and enhancing efficiency so that you can achieve your business goals. If you want to make technology work for your business, not against it, contact us today.