The software bug, Heartbleed, is particularly bad news. It may have compromised as many as 500,000 sites, including some big ones like Yahoo, Google, GoDaddy and Amazon. It’s also not entirely clear how long this has been going on, so even sites that have been patched may have lost data before the patch was applied.
Determine if your site is affected and, if so, fix it. Check the security of your own financial information and other external sites you work with. Then, change all your passwords. Consider investing in some insurance against data loss and make sure that you stay on top of information about cyber threats. Even if you and your business escaped harm this time, consider it a wake-up call.
What Is Heartbleed?
The flaw affects services and hardware running Linux or Unix-based systems using OpenSSL versions 1.0.1 to 1.0.1f. Heartbleed threatens the security of online payments. Visa, for example, has advised all merchants to patch their systems as soon as possible. It may also compromise your customers’ private information if your business uses an online CRM (Customer Relations Manager). For those without an IT staff, LastPass and consultant Filippo Valsorda, among others, have created tools to determine if your site has been affected.
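If you can log in to your own servers, the version range above can be checked directly. The script below is an added example, not from any of the tools named here; it classifies `openssl version` banners against the 1.0.1 to 1.0.1f range, and the host names and the host|banner inventory format are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `openssl version` banners against the range the
# article gives (OpenSSL 1.0.1 through 1.0.1f).

# heartbleed_status BANNER -> prints in-range | outside-range | unknown
heartbleed_status() {
    case "$1" in
        OpenSSL\ *) rest=${1#OpenSSL } ;;
        *) echo unknown; return 0 ;;
    esac
    ver=${rest%% *}        # "1.0.1e-fips 11 Feb 2013" -> "1.0.1e-fips"
    ver=${ver%-fips}       # FIPS builds keep the same base version
    case "$ver" in
        1.0.1|1.0.1[a-f]) echo in-range ;;
        [0-9]*.[0-9]*)    echo outside-range ;;
        *)                echo unknown ;;
    esac
}

# scan_inventory: reads "host|banner" lines on stdin, prints "host status".
scan_inventory() {
    while IFS='|' read -r host banner; do
        [ -n "$host" ] || continue
        printf '%s %s\n' "$host" "$(heartbleed_status "$banner")"
    done
}

# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE_INVENTORY='shop.example|OpenSSL 1.0.1e-fips 11 Feb 2013
crm.example|OpenSSL 1.0.1g 7 Apr 2014
mail.example|OpenSSL 0.9.8y 5 Feb 2013
old.example|OpenSSL 1.0.1 14 Mar 2012
kiosk.example|LibreSSL 2.0.0'

printf '%s\n' "$SAMPLE_INVENTORY" | scan_inventory

# Check the machine this runs on, if the openssl CLI is installed.
if command -v openssl >/dev/null 2>&1; then
    echo "local $(heartbleed_status "$(openssl version)")"
fi
```

An in-range result is a prompt to check your vendor's package changelog rather than a final verdict, because distributions can ship a backported fix without changing the version letter.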
You should be concerned about the security of your own information, as well. The chart created by Mashable is pretty hair-raising, but it’s a reasonable place to start in assessing your own risk. You can also just go to your search engine and type in heartbleedcheck.com and then the name of the site you want to know about.
Change Your Passwords
Once you determine that your own site and any external sites you use are secure, change your passwords. Some of the most interesting advice comes from “ethical hackers,” who suggest things like two-factor authentication or storing all passwords in an encrypted vault. You probably don’t need to go that far, but at least make sure that all passwords are strong — eight or more characters, no words, no two the same. Insist that all your employees do this as well. If you do not already have a policy or a system in place that requires passwords to be changed periodically, this would be a very good time to start.
Consider Insuring Against Data Breach
Remember Target last Christmas? It isn't just Heartbleed. Data breaches are a chronic problem. The smarter your business is, the more sensitive or non-public information you may find yourself storing. Losing information is one level of risk. Losing a lawsuit because you lost control of a customer's information is another. This may be the time to consider data breach or cyber liability coverage.
Watch Your News Feed
If you haven't already, think about adding some regular information on cyber threats to your daily reading. You presumably have enough to do, but no one wants to be a couple of weeks late in finding out about this sort of thing.