As you may have heard, there has been a huge security threat. This is a very big issue in the world of online transactions. It matters even if your business doesn’t sell anything online. This issue has to do with everything that is secure. It comes up every time you log into a website. This is considered the biggest cyber security threat in history!
Many websites you use that hold personal and business information may have been affected. You as a business owner must take the necessary steps to protect yourself and your business.
Explanation of SSL & TLS
First off, SSL stands for Secure Sockets Layer. That didn’t help anyone much, now did it? It is what encrypts all your data as it travels through the Internet. That means no one except the intended parties can understand the data. It’s that little lock you’ve been told to look for when you enter your credit card information. It’s the https:// websites. Security experts realized that there is a security leak in the software that is being used, called OpenSSL. This technical issue has actually been in the open for a while, but was only reported on recently.
First, don’t panic and think this is the end of the world. It isn’t. There have been and always will be cyber security threats. It’s a part of life online and our dependence on computers. Second, you must know all the websites you log in to. This is something I help my clients with, and I cannot stress it enough. Have a list of all the websites you log in to.
Mashable has a great list of businesses that were affected and whether they have fixed the issue.
How this makes your business insecure
You need to have a list of all the services you have a username and password for. This is especially needed if these are primary business applications, for example if you are using PayPal or any other payment processing company. These are services that customers are using, and they represent your company.
My security product, which is coming out soon, will go into detail on how to manage these issues better. However, for the time being, let’s just start with what you’ve done in the past couple of days. More importantly, ask yourself what primary business applications your customers use on your behalf. Write down the websites that you log in to.
Just the name of the site and URL will do. For example Facebook – www.facebook.com.
How to protect yourself now from security threats
Think of the websites that are most important to your business, like twitter.com, facebook.com, Amazon, PayPal and any others you are always logging into.
Make a list. Start with these but the list should be any website where you put your username (or email) and a password. Take a look at my post on organizing website logins.
Now scan each website from that list here, using their SSL scanner. This site will give you a grade for the website’s SSL certification. Again, that is how secure the website really is. It will also say in plain English whether the site is affected by the Heartbleed vulnerability. I would say be careful of any website that scores a C or below. B’s and A’s are fine. More importantly, right now make sure it says:
‘This server is not vulnerable to the Heartbleed attack. (Experimental)’
If any of those sites come back as not fixed, don’t log in to them. Again, do not log in! Contact the company’s support line and ask when it will be fixed. Even ask them on Twitter and Facebook if that’s easier for you. It’s important to wait until the site is fixed.
Start by resetting your passwords now. Reset your passwords for all your websites. I have done the same. Remember, if the site isn’t fixed, don’t reset that password yet. Don’t log in. Only reset your password on websites that the above scanner says are not vulnerable.
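The steps above, written out as a small script. This is an added example, not something from the original post: it takes the login list with the scanner's grade and Heartbleed result typed in by hand and returns the action the post recommends for each site. The site names, column names and action labels are assumptions made for the illustration.

```python
import csv
import io

# Constructed sample: the login list from the post, with scan results typed in
# by hand. Sites are placeholders; an empty grade/heartbleed cell means the
# site has not been scanned yet.
SAMPLE_LIST = """site,url,grade,heartbleed
Shop checkout,shop.example.com,A-,not vulnerable
Payments,pay.example.net,B,vulnerable
Newsletter,mail.example.org,C,not vulnerable
Forum,forum.example.com,,
"""


def grade_is_fine(grade):
    """The post's rule: A and B grades are fine, C and below need care."""
    letter = grade.strip().upper()[:1]  # "A-" and "A+" both count as "A"
    return letter in ("A", "B")


def triage(row):
    """Return the action the post recommends for one site on the list."""
    grade = row["grade"].strip()
    status = row["heartbleed"].strip().lower()
    if not grade or not status:
        return "SCAN FIRST"  # no result yet, so no decision yet
    if status != "not vulnerable":
        return "DO NOT LOG IN"  # wait for the fix; ask support when it lands
    if not grade_is_fine(grade):
        return "RESET PASSWORD, USE WITH CARE"  # fixed, but a weak grade
    return "RESET PASSWORD"


def build_plan(text):
    """Parse the login list and map each URL to its recommended action."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["url"]: triage(row) for row in reader}


if __name__ == "__main__":
    for url, action in build_plan(SAMPLE_LIST).items():
        print(f"{action:30} {url}")
```

Keeping the scan result next to each entry in the login list also gives you a record of which passwords were changed after the site was fixed and which still need to wait.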
Also create a secure password. Make sure it is 12 or more characters long, with at least one upper case letter, one lower case letter and a number. Refer to my create a secure password post to create a secure password easily. To make a password unique you can add the first letter of the website to a core password. So if your password is mysecurepassword, then your Facebook password would be mysecurepassword-f or mysecurepasswordf. Of course, do not use that password if it’s not secure. Read my secure password post for more password security help.
Who is affected by Heartbleed?
Chances are that somewhere a site that you use has been vulnerable to this issue. OpenSSL is used in 66% of all websites. However, the piece that has the Heartbleed issue is estimated to have affected as much as 17% of secure websites. That’s over 500,000 websites! I’m not putting this post up to scare you. If you want to be scared, look at all the top media websites. Let’s talk about protecting your data and making sure it is safe.
The True Issue of Problems Like Heartbleed
The issue is that if someone got your username and password from one website, they can use it on other websites where you use the same login details. This has nothing to do with you having a secure password. You could follow all the best practices to stay safe online and still have an issue with the Heartbleed threat.
I have recently gotten a lot more fake emails from friends and have heard of many people’s Facebook and Twitter accounts being hacked. No one can prove this has anything to do with Heartbleed, but it could be related. It’s good to follow the basics, which my upcoming security product will cover. I have made a Security section on my blog to help you, which has security-related posts.
There is no true way to be 100% secure. However, you must be aware of these issues. Your business needs the online world and all the applications and services that save you time and money. There will always be cyber security threats. When something like this happens, it tends to make people more fearful of using online applications. That is understandable. Like everything else in life, you are responsible for you. Like many other Technologists out there, I am here to help. It can be a scary world if you are not Tech Savvy. Realize that I am here to help you get more Tech Savvy and run your business better.
Very important! Right now you need to do the above action steps. Check the sites that you use, starting with the most vital to your company. Check all the sites if possible. Reset your password (take a look at my creating a secure password post) and remember to have a website login list of all the websites you have created a username and password for.
To your Tech Success!