The name Heartbleed OpenSSL Vulnerability (aka Heartbleed bug) is as scary as it sounds. Some reports say up to two thirds of all secure websites (e.g. those with a web address starting with a green https://) are using OpenSSL. It has been reported that Google was first to discover the Heartbleed bug that compromised sites including Yahoo, Tumblr, Flickr, Amazon, and other websites relying on OpenSSL for security. This security breach may provide hackers access to accounts, passwords, and credit card information.
Heartbleed and Your Systems
Business owners using OpenSSL for their email, website, eCommerce applications, or other web applications should take action to prevent data loss or theft. The fix for the Heartbleed bug should be installed on your operating systems, network appliances, and other software to ensure that confidential information is protected. Consider having your IT professional test your public web servers to determine if they are safe.
Heartbleed and Your Employees
Your employees may have used websites that were exposed to the Heartbleed bug. This means their username and password combinations may have been compromised by hackers tapping into what was supposed to be encrypted communications. Employees should be reminded to reset passwords within the guidelines established by your company. There are plenty of resources on creating a secure password. Microsoft offers tips for creating a strong password on their website.
The Need for IT Security
Because the Heartbleed bug is pervasive, most internet users need to change passwords on sites like Gmail, Yahoo, and Facebook. The Heartbleed bug is a wake-up call to the importance of having an IT Security policy that includes strong password policy, employee training, and systems compliance. As applications get more complex, more issues like Heartbleed can be expected. The Heartbleed OpenSSL Vulnerability highlights that applications have security risks, and it is just a matter of finding them.