FAQ: The Heartbleed Bug

Posted

You may have read about the “heartbleed” bug this week. On Monday, researchers discovered the bug, a security vulnerability in the encryption software used by many popular websites that — if exploited by a hacker — could expose private data like credit card numbers and passwords.

From the Heartbleed Bug website:

“This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”

Plenty of companies run Open SSL encryption, including Pinterest, NASA, Airbnb and Creative Commons.

heartShould I be worried?

Don’t panic. Just because there’s the potential for a hacker to exploit the security flaw, that doesn’t mean it has happened. The researchers who discovered the vulnerability have come up with a software patch as a solution. Companies affected by the Heartbleed Bug are currently installing the necessary updates and should be communicating with you about it.

What do I do next?

Depending on your business’ web activities, it’s important to assess your risk. If you’re a TWT client, give us a call so that we can discuss how you may have been affected by the Heartbleed Bug.

If you don’t currently have an IT company, you may want to consider finding one. A skilled system administrator can help you install the software patch, and protect your small business data and your customers. If you need your customers or clients to change their passwords for your site, be sure to inform them of what happened and what you’ve done to fix it.

Photo 1https://flic.kr/p/inZF2N

Topics: Security