Keeping your Website safe from the Heartbleed bug
By now most people have heard about the Heartbleed bug as there have been plenty of “scare” news stories out there. However while those stories have covered some of the basics and inspired a lot of fear in people, they often failed to be very informative.
So what do you, as a business owner, need to know about this bug and how will it affect your business and your customers?
The Heartbleed Basics
The problem with the bug occurs in systems that use OpenSSL, which is an encryption library. It is one of the programs used to create secure web connections and as many as two-thirds of the internet use it. The use of encryption software, like OpenSSL, results in that “padlock” icon in the browser when you are doing things like e-commerce or banking and basically helps protect when your browser talks to those websites. The idea behind SSL is to make things secure so nobody can listen in on the information that is being sent.
The name of the bug is related to a program feature called “heartbeat” that was added about two years ago to OpenSSL that contains the flaw. Obviously this means the problem has been out there for a while and thus why there is a concern that information ‘could’ have been compromised. However it is an isolated programming bug found only in certain versions and is not a design flaw in the underlying SSL so it can be fixed with a software patch or upgrade.
Of course if your organization doesn’t use OpenSSL then you do not have a problem.
Why Does It Matter?
Obviously you don’t want to have customers avoid your site because of concerns over data loss. In this case, the types of data that can be disclosed to attackers are usernames and passwords which can completely undermine site security and result in large data breaches. So if you are the owner of a website that uses e-commerce or has other secure data then you will need to address the Heartbleed problem.
What Should I Do?
Here are the steps everyone should take to make sure that their website is safe:
Please Fill out this form to download this document