heartbleed

So about that Crypto-Bug, “Heartbleed”… What is it?

Whether or not you’ve followed the media coverage of this bug, it is easy to feel overwhelmed about the best course of action to defend yourself and your business. We hope the information below gives you a good understanding of this pesky bug and some steps you can take to reduce the risk of being a target.

What exactly IS Heartbleed?

Heartbleed is an internet security vulnerability in OpenSSL, which is used by many different websites and products to keep connections secure. Many websites and products use encryption to prevent sensitive information from being exposed, thereby making it more difficult for an outside attacker to steal information. An example of this would be the “https://” portion of a URL that you may see at the top of your web browser, or possibly a picture of a lock next to the URL itself.

However, Heartbleed gives attackers the ability to steal portions of a computer’s memory, potentially exposing the data that websites are trying to protect. This could include sensitive information such as the usernames and passwords used to access a vulnerable site.

What has Constant Contact done to protect our customers?

Most importantly, we want to make sure that you know that your Constant Contact password was not vulnerable to Heartbleed, and none of our sites are currently vulnerable to the Heartbleed attack. As soon as Constant Contact was made aware of Heartbleed, we immediately reviewed our website and our products, and engaged with our vendors to address any potential issue that could leave us vulnerable to this type of attack. Any potential Heartbleed vulnerability discovered as a result of our research and testing was addressed and patched promptly. Though we are not requiring you to reset your password, you may elect to do so. We’re committed to keeping our products and services safe for all our customers to use.

What can I do to protect myself and my own business?

Running a business takes enough work as it is, so we understand that devising an action plan for staying ahead of Heartbleed is probably not at the top of your list. However, there are some simple steps you can take to reduce the risk of falling victim to this bug:

  • For all your most cherished things on the Internet, such as your email, social media, or bank accounts, check to see whether a two-factor authentication mechanism is available for you to use. This process makes it more difficult for a fraudster to successfully log into your account, by requiring an additional layer of security such as a token code that can be generated on your mobile device.
  • Reach out to the vendors you do business with, and ask them if a product you use is currently vulnerable. If so, ask them what is being done to help mitigate the risk. Keep that line of communication open.
  • If you have received an email from one of your trusted service providers asking you to change your password, you should change it immediately.
  • …And while we’re talking about passwords, please avoid re-using the same password for your Constant Contact account and for any other place where you access your sensitive information!
  • Keep an eye on your Constant Contact account and other personal accounts. If you see any suspicious activity or something just seems “out of place,” let us know about it, or tell the service provider that hosts the account you are concerned about.

Stay safe!

We hope these steps will empower you to stay on track with growing your business without deviating too much from what matters most: Keeping you and the online stuff you love safe from fraudsters.