
How to Protect your Business from the Heartbleed Bug

by | Apr 14, 2014 | Cyber Security

What is the “Heartbleed Bug”?

To put it simply, it’s a bug that affected most of the Internet. It affects any data transferred over the Internet that is supposed to be secured by a specific type of cryptographic “translator” called OpenSSL. This translator is a way to securely transfer emails, credit card information, website information and a thousand other things on the Internet. It is used as a standard for secure communication.

Why should you care?

Unless you live under a rock, or don’t use the Internet, I’m willing to bet my lunch that you or your company are affected directly or indirectly by the Heartbleed bug/exploitation. Compromising OpenSSL is like giving anybody the ability to read your life’s or business’s secrets like an open book. This includes emails, financial, bank and credit card information, business trade secrets that give you a competitive edge, etc. Would your company like to be the next “Target” that gets to tell all its customers that it got hacked and didn’t take measures to protect not only the company, but its clients’ data?

Are you affected by the Heartbleed Bug?

In a word: YES.

Gmail, Yahoo and Facebook were affected, as well as 66% of the websites on the Internet. If you use or share a password with one of these vulnerable sites, you probably want to keep reading.

Let’s say you use your email address and password to log into Facebook or Pinterest (a Heartbleed-affected site). That site could have been compromised, so a bunch of hackers got your email and password. If you use that same password to log into your email, then your email and any account attached to it could be compromised. If your online banking information is attached to that email, all they have to do is go to your bank’s website, click “I forgot my password,” put in your email address, and then your bank’s password reset protocol is sent right into the hands of those bastard hackers.

Should you worry?

It is a very real worry. Shockingly, this vulnerability has been around for over 2 years, but was only publicly disclosed a few days ago by a person nice enough to share it with the world. That means a malicious hacker, business or country that stumbled upon it in the past 2 years could have exploited it without anybody’s knowledge. There is no real way of knowing who exploited it or how it was used.

How do you protect yourself from the Heartbleed Bug?

At the bottom of this blog is a link for the big-name sites that are or were affected. If you shared a password with any of these sites, such as using the same password for your bank and Facebook (one of the affected sites), you need to change the password for both. If you see suspicious activity on your business or personal credit cards, cancel them and get new ones issued. Have your IT department or trusted IT support vendor help do an audit to check that no systems were affected, and make sure all your systems are updated to the latest versions of OpenSSL.

Additional Resources

If you need a quick check to see if a website is (or was in the past) affected, go to the LastPass Heartbleed checker.

If you want a better understanding of how SSL works, check Wikipedia.

If you are more technically inclined and want details on the vulnerability, there’s a site dedicated to all the FAQs you could possibly want to know about the specifications of Heartbleed.
