What You Need to Know About the Heartbleed Bug, as a Business Owner and a User

April 15, 2014

3:05 pm

Yes, there’s a high chance that your personal and business logins have been compromised by the Heartbleed bug, and there are steps you should take to protect yourself.  

In case you’ve been wondering if the oft-mentioned Heartbleed is indeed the new season’s Game of Thrones villain, I have bad news – it is not.

It is the most significant widespread security bug in recent history that affects websites, servers, routers, phones and video cameras.

According to Netcraft, two-thirds of websites are affected by the bug, including Dropbox, Facebook, Gmail and many others (here is a great summary).

Why it matters to you and your customers

The nature of this bug is that ANY information that passes through an infected website is compromised until the encryption protocol is updated.

  • Whether you are a startup, software vendor, or a consultant, chances are you are using a lot of cloud tools every day, and doing a lot of sharing internally and with clients.
  • If you are an e-commerce or transaction-focused company, no matter how small, you are storing a lot of sensitive personal information.

This means that if you are a reader of this blog, you are very likely a user of MANY affected websites, and may possibly also run a website that has been compromised. You’re also likely to notice quickly as your daily and weekly counterparts are changing their passwords as well.

What you should do right now

As a user

In a password crisis like this, you should update all of your accounts as soon as possible. Andrew Stroup, CEO of CommonKey recommends the following 4 steps:

  • Identify whether you’re affected (your own website)
  • Identify which of your accounts were impacted AND when they have resolved the bug
  • Change your passwords (all of them)
  • Utilize strong password methodology/generation going forward

Also, be doubly vigilant for phishing scams about password reset in the next few weeks.

As a website operator

The best practice in this situation is to first get the handle on the fix that is required and then clearly communicate to your customers either right after the fix is in place or with a clear expectation of when it will be. You do not want your customers to change their passwords before you fix the problem and remain at risk.

Best practices for the future

This event has certainly brought to the forefront the fact that most users’ approach to password management is just not secure. Andy Ten, Senior Manager at Hitachi Consulting, said:

“With all of the recent security breaches, many passwords have been exposed – and it’s disappointing to see that many people use one or two passwords for all sites. Best passwords are those that you can’t remember and are unique to each website and service.”

As we have seen a number of times recently, the reputation risk to a brand that leaves itself exposed to a data breach is increasingly high. According to Stephen Singam, Chief Security Technologist at HP Asia,

“Brands should consider using a two-step authentication process.”

That basically refers to the process of sending out a real-time text or app-based code as a second step of the account verification/password change process. While that solution may seem cumbersome at first, it eliminates many a headache on a day like today. Some companies, like Box, a file-sharing service, already offer this as a feature.

For some of us who are even more concerned about security, there are biometric-based security authentication solutions coming on the consumer market that are now affordable and reliable. One great example is Myris from EyeLock, an iris-based password security solution.

Our digital needs are maturing and so are our security needs. Let’s try to keep up!

Did you like this article?

Get more delivered to your inbox just like it!

Sorry about that. Try these articles instead!

Katya Constantine is a seasoned online marketer with over 11 years of experience. She has developed a uniquely comprehensive background in email and omni-channel marketing for large online brands. Most recently, she was at Expedia and Amazon, leading projects ranging from behavior-based programs to increasing customer acquisition and conversion with great results. Katya has successfully worked to bridge mobile, email, search and social channels to increase online performance at many large web properties and ecommerce startups. Presently, Katya is the CEO of DigiShopGirl Media. She is also a marketing mentor for technology startups via Entrepreneurs Roundtable Accelerator program and an active blogger/speaker on topics ranging from mobile email to effects of the visual web on online marketing. You can follow Katya on Twitter @digishopgirl.

  • Shares

Leave a Reply

  • (will not be published)