With an increasing number of business transactions being conducted online and rising numbers of small companies using the cloud, the Pennsylvania Small Business Development Centers (SBDC) realizes that some businesses may have been affected by the recent Heartbleed security vulnerability. Below are some helpful tips and next steps for business owners and employees who manage their company’s online presence.
What is Heartbleed?
Heartbleed is a bug in the OpenSSL (Open Secure Sockets Layer) software library. It allows the theft of information that is normally protected by the SSL/TLS (Transport Layer Security) encryption used to secure the internet. The Heartbleed vulnerability was first noticed in March of 2012 and has left the entire nation vulnerable for the past two years. Nearly five hundred thousand sites, deemed secure, were left susceptible to Heartbleed, including Twitter, Tumblr, Dropbox, Gmail, and Yahoo Mail.
Does My Company Have to Worry About Heartbleed?
When Heartbleed was made public, a new, secure version of OpenSSL was released at the same time, allowing major services like Google and Yahoo to update and patch their systems immediately. Check with the online vendors and websites used by your business and ask whether they have fixed the Heartbleed vulnerability. If they have, change your password. You only need to change the password on websites that were vulnerable, or on websites where you used the same credentials as on a vulnerable site.
What Can My Company Do Going Forward?
Change your password for your online business bank account
Be vigilant and aware when major security flaws are announced by the general media
Sign up for security notifications from your software vendors
Regularly update your computer software (browser, operating system, software)
Back up your data and related software and applications
Train your staff in the basics of computer security
Be vigilant and smart (don’t write your password down on a piece of paper, for example)
Consider “two-factor authentication,” which requires not only a password to access your websites, but also a secret code provided on a cell phone or other third-party device
Where Can I Find More Information?
For more information on the Heartbleed Bug, go to www.heartbleed.com and for a list of affected service providers and their recommendations, click here.
Pennsylvania SBDC Business Continuity & Survival Services available to small businesses include confidential consulting on topics such as creating business continuity plans, assessing cloud services and data back-up, and growing sales through new markets to diversify revenue streams. Small businesses interested in personalized no-fee consulting on critical business areas should contact their local SBDC for assistance.
“The Effect of Heartbleed on Commonly Used Small Business Websites” Small Business Trends, April 15, 2014 [http://smallbiztrends.com/2014/04/heartbleed-affected-sites.html]
The Heartbleed Bug [http://heartbleed.com/]
“The Heartbleed Hit List: The Passwords You Need to Change Right Now” Mashable, April 9, 2014 [http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/]
“Addressing the #heartbleed panic: advice for small business owners” Kaspersky Lab, April 14, 2014 [http://business.kaspersky.com/addressing-the-heartbleed-panic-advice-for-small-business-owners-2/]