Last week, the world caught wind of Heartbleed, a massive security flaw that has the internet in a tizzy. According to TechCrunch, the flaw is a bug in the implementation of OpenSSL’s “heartbeat feature,” hence its catchy name. The exploit in question allowed potential hackers to reveal up to 64k of unencrypted memory to a connected client or server. While that is not much on its own, an attacker could repeat the exploit over and over, eventually uncovering private, sensitive data with little to no effort. Companies are calling this one of the worst security flaws to ever plague the internet. Yeah, it’s that big.
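To show where the 64k ceiling comes from, here is an added C sketch (not OpenSSL's code and not part of the original article) of a heartbeat handler before and after the missing length check was added. The record layout is simplified, the function names are hypothetical, and `demo_mem` with its contents is constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HDR     3   /* 1-byte type + 2-byte claimed payload length */
#define HB_MIN_PAD 16  /* minimum padding required by RFC 6520 */

/* Constructed stand-in for process memory: the first 7 bytes are the record
   that arrived (type 1, claimed length 0x0020 = 32, payload "ping"); what
   follows is unrelated data that happens to sit behind it. */
static const uint8_t demo_mem[48] =
    "\x01\x00\x20ping" "session-key=CONSTRUCTED-DEMO-VALUE";
#define DEMO_REC_LEN 7

static size_t claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];  /* 16-bit field, so at most 65535 */
}

/* Pre-fix behaviour: echo as many bytes as the peer claims it sent. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len,
                          uint8_t *out, size_t out_cap) {
    size_t n = claimed_len(rec);
    (void)rec_len;                 /* never consulted: this is the bug */
    if (n > out_cap) n = out_cap;  /* demo guard so the write stays inside out */
    memcpy(out, rec + HB_HDR, n);  /* reads past the 4 real payload bytes */
    return n;
}

/* Post-fix behaviour: a record too short for its claimed payload is dropped. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len,
                        uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HDR + HB_MIN_PAD) return 0;
    size_t n = claimed_len(rec);
    if (HB_HDR + n + HB_MIN_PAD > rec_len) return 0;  /* discard silently */
    if (n > out_cap) return 0;
    memcpy(out, rec + HB_HDR, n);
    return n;
}

int main(void) {
    uint8_t out[64];
    size_t n = hb_reply_unchecked(demo_mem, DEMO_REC_LEN, out, sizeof out);
    printf("unchecked: %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    n = hb_reply_checked(demo_mem, DEMO_REC_LEN, out, sizeof out);
    printf("checked:   %zu bytes\n", n);
    return 0;
}
```

The unchecked handler returns the four real payload bytes plus 28 bytes of whatever sat behind the record, while the checked one drops the malformed record and sends nothing back.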
According to TechCrunch, the Apache web server that is responsible for powering about half of the internet’s websites uses OpenSSL. For those who don’t know, OpenSSL is an open source toolkit and cryptographic library that secures massive portions of the Internet’s traffic, including big-name sites like Google, Yahoo and WordPress.
While most of these websites have fixed the potentially hazardous bug, consumers and businesses should still reset their passwords on many common sites, including Instagram, Google, Yahoo and GoDaddy. Experts note that even though the problem has been patched on most sites, to be protected, consumers must change their passwords after the fix is installed (meaning that password changes that took place before April 7th won’t protect you). Huffington Post also reported on Wednesday that Android users might still be at risk from Heartbleed, particularly those who are utilizing older versions of the Google operating system.
Companies will need to update any machine that’s running the latest version of OpenSSL with all necessary patches, get a new SSL Certificate for secure websites and generate new encryption keys. Once the proper steps have been taken, businesses should notify users of the fix and prompt them to create new passwords.
While Heartbleed has caused quite a stir over the past few weeks, the exploit has also revived an important discussion about how businesses and websites handle and protect sensitive information and data. Over the past year, numerous data security threats have hit the news. And as Target’s massive data breach has shown, customers don’t take kindly to slip-ups in security. That being said, businesses shouldn’t cower in fear of being hit with a data security breach. By following these three digital security takeaways, you can ensure that your company will be able to handle any data security exploit that comes your way.
Has your data already been compromised? In the event of a data breach, transparency is key: Let your customers know what happened and what actions (if any) they should take, and then share how your company plans to prevent future data breaches.
While the current Heartbleed crisis is now under control, businesses face a number of security risks on a daily basis. To reduce your company’s risk of being targeted, strengthen your digital security strategy before it becomes an issue. To compare the top-rated digital security and IT management software solutions, download one of our many free Top 10 IT Management Software reports. In each report, you’ll get a side-by-side comparison of the best solutions in each segment. These will be a valuable resource in determining which products will best protect your assets and data.