The technology industry was abuzz with revelations last week after the discovery of a critical software bug called Heartbleed. According to information registered with the Common Vulnerabilities and Exposures system, the bug made it possible for an attacker to steal servers' private keys as well as user session cookies and passwords. The bug affected security on over half a million web servers that made use of the OpenSSL cryptography library.
Although the bug itself has been fixed in a new release of OpenSSL, the revelation has stirred quite a debate about the number of loopholes that businesses are susceptible to on the internet. Many of the biggest tech companies, including the likes of Amazon Web Services, Akamai and SourceForge, were impacted by Heartbleed, which means that if you are one of the small businesses making use of AWS or Akamai, you are likely to have been a target too.
What Should You Do Now?
The first thing any small business must do is test whether it has been affected. You can use this link to test whether your website has been affected. If it has, you should quickly reset the passwords for all your admin controls. Apart from your server credentials, you must also change the passwords for all third-party accounts held by your business. This includes your login credentials for your AWS dashboard, your Tumblr account, your GoDaddy hosting account, your Google services account, etc. The reason is that hackers who exploit this bug may steal your information from any of your social media or third-party service accounts.
Is That All?
Absolutely not. According to the latest reports, Heartbleed could also potentially impact anti-virus software, firewall services, mobile applications and network switches. This makes it important for businesses to take a comprehensive look at every component of their technology infrastructure and assess their vulnerability. The ExpertIP blog has an exhaustive list of resources that you could check out. A security audit could reveal other potential loopholes in your infrastructure that could put your business at risk.
Re-Evaluate Your Subscribed Services
If the NSA PRISM revelations made a lot of businesses skeptical about cloud services last year, Heartbleed should reinforce that skepticism even further. According to a WSJ report, the NSA had apparently known about Heartbleed and other similar vulnerabilities but, instead of asking for a fix, used these vulnerabilities to gain access to web servers until a fix was implemented. Given the bad rep that the NSA received last year for PRISM, these revelations are likely to make small businesses even more wary of using third-party services. If you are a business that hosts confidential data on third-party services, re-evaluate your priorities and migrate some of that data in-house if you deem it fit.
Heartbleed is neither the first nor the last security bug to cause havoc on today's technology infrastructure. However, by adhering to the right security standards and best practices, your small business can ensure that the impact of such vulnerabilities is kept to a minimum.
Author: Frank Gothmann writes on security and IT infrastructure. He may be reached at firstname.lastname@example.org.