The Heartbleed bug is so widespread across the Internet that businesses should err on the side of caution and assume that they have been impacted.
Thousands of websites, some as large as Facebook, Google and Twitter, were left vulnerable. Most businesses use several cloud-based web applications such as Google Analytics or Salesforce for critical tasks. Any business data or customer data stored in these locations could remain at risk.
Businesses are only as strong as their reputation. Many small to medium-sized businesses do not have the capabilities to hire full-time IT staff, so it is important for them to understand the steps that they need to take in order to protect themselves from the Heartbleed bug.
Consider out-of-band authentication
Passwords have their limits when it comes to protecting sensitive online data. Heartbleed makes the need for out-of-band authentication from companies such as Authentify critical. The solution for protecting data with passwords is to strengthen the password with long strings of numbers, letters and capitals. This inconveniences the user, weakening the experience as a whole.
Password resets are often handled via an email link. The problem is that if your bank account information has been compromised, for example, chances are that your email password has been compromised as well.
This is where out-of-band authentication can help. Gaining access to a new password through a separate and secure channel, such as a voice telephone call or a secure smartphone application, can be enough to deter hackers.
The threats of Heartbleed can go well beyond a business’s website. The bug can threaten a business’s entire enterprise system. This includes any third-party websites the business uses, hardware, or the use of any web portals or cloud-based systems for payments or data storage.
Check your business hardware
Several pieces of hardware, such as routers, firewalls, and Internet networking devices, run on embedded versions of OpenSSL, which makes them highly vulnerable to the bug. Check with the manufacturer to find out which products and models were impacted by the bug, and find out if and when they plan to patch the version that they are running.
List out the services your business uses online
By now, the majority of the major web services that your business uses online should have security patches in place, making their OpenSSL safe. Consider your business transactions, social media communications, and email. Think about anywhere that you may have left sensitive business data or sensitive customer data online. Check to see which of these sites have been impacted by Heartbleed.
If you are unsure about a site that you are using, there are now add-ons such as Chromebleed that can tell you whether it has been impacted by Heartbleed.
Changing passwords on the various sites your business uses is important, but it has limitations. If the site that you are changing the password for has not done anything to fix its exposure to the bug, the change will not matter, and your level of exposure will remain.
For businesses, it is important that any employees have an understanding of these concepts as well. Make sure that they understand when a piece of hardware has been impacted, or when your business remains exposed through a specific website. If there is someone within the business who does not properly change their behavior, it can be self-defeating.
It may also be time to use a password manager. This way you can keep that data in one location and more easily avoid the temptation to use the same password in more than one place across the web.