The Heartbleed bug has swept across the nation, impacting a countless number of businesses and consumers. The bug is a vulnerability in OpenSSL, which is the name of a 1998 project that was started to encrypt websites and user information across the web. What started as a project committed to data encryption is now standard on 2/3 of all websites on the Internet. Without OpenSSL, our personal information submitted across every website we visit could land in the hands of cyber criminals. Ironically, the OpenSSL software that was designed to protect users contained a flaw that made it possible for hackers to trick a server into spewing out the data that was held in its memory.
When news of the Heartbleed struck, business scrambled to find out how many of their systems were using the vulnerable version of OpenSSL. While the big web companies, such as Google and Yahoo, were able to move fast to fix the problem – smaller e-commerce sites are struggling to “patch” the software quickly. As the larger sites close the door on the Heartbleed bug, hackers are turning their attention to any small and medium businesses that may not have the knowledge or manpower to update and protect their e-commerce sites accordingly.
However, regardless of the size of the business, if customers learn that a company’s system has been hacked and their personal information was compromised, legal issues could arise. Angered customers – and their lawyers – will look to hold businesses accountable for any personal data that lands in the hands of hackers. Businesses need to communicate with their customers to inform them what steps have – and will be – taken to fix the problem. That way, customers can update their passwords accordingly once a business has confirmed that their site is clean.
Many of the impacted sites are not just popular for personal usage, but are used every day by businesses of all sizes. Companies will need to follow the same steps as their customers and wait to receive confirmation from any frequently used websites that the issue has been resolved before changing their passwords. It’s also important to realize that other devices, such as Android smart phones and tablets, are vulnerable to the bug as well.
The Heartbleed bug ordeal is just another reminder of the security challenges companies are facing as more and more economic activity move online. According to eMarketer, an independent research organization, worldwide business-to-consumer e-commerce sales are likely to increase to $1.5 trillion this year. With money like that on the line, you can bet cyber criminals will be vigorously targeting businesses to try and get a piece of the pie. Companies need to take all necessary precautions to protect themselves and their customers.
To learn more about protecting your business, click here.
Blog Author: Vanessa Hartung