On April 7, it was announced that a new flaw in the internet’s security systems had made itself known. The bug is called the Heartbleed Bug and, without getting too technical, it has the potential to affect a lot of people by making their private information (passwords, emails, IMs) vulnerable. Digital safety is really important to us here at Dun & Bradstreet Credibility Corp., and we’d like to emphasize that for small businesses that have or use e-commerce sites, addressing this problem is critical to protect employees and customers alike.
To start, LastPass has created a resource where you can check individual sites to see if they have been affected by the bug. Avoiding these websites for a few days might be advisable, if possible. Certain websites indicate they have fixed the bug, but caution is always advised.
Employees should be notified not to log in to any of the compromised sites with company credentials until the site has patched the problem. An article from Business Insider, in fact, reports that this vulnerability has existed for two years, and that all passwords should be changed. However, if affected sites have not given an all clear, don’t change your password yet. Changing your passwords right away could exacerbate the problem. You can check the top 100 sites and their status at CNET. You can also reach out directly to sites that aren’t on the top 100 list to find out if they were affected.
Once a site has announced that they have patched the problem, don’t hesitate to change your password.
If your own business’s website is vulnerable (and it might be, because the bug affects technology that 66% of websites are built around), the best thing you can do is keep your customers in the loop. If customers’ private information is at stake, they need to be updated and notified regularly as to the status of your business’s vulnerability to the bug. If you do find that your website is compromised, you will want to advise customers what they should do to protect themselves. Tell them to wait until your site is secure and then change their passwords. Also advise them to monitor their financial statements in case any suspicious charges or withdrawals are made.
In the meantime, a fix for the bug has been released for OpenSSL, the software library affected. Heartbleed.com advises, “operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.” Contact your service provider for more information on the bug and to find out if your business is vulnerable, and keep your eye on your financial statements for the next couple of days.
Photo credit: altemark, Flickr