OpenSSL Risks

OpenSSL RisksHeartbleed Problems for Business

You’ve probably heard about the data security breach Heartbleed from your bank, email provider, and favorite eCommerce shop. In fact, if you haven’t heard about OpenSSL risks from a website that stores profile or account information that you access with a login and password, then you need to take action.

What is Heartbleed?

During the spring of 2014, developers identified a major security vulnerability in OpenSSL, which is a common implementation of SSL. SSL is the decryption protocol used to protect information online and is often used to safeguard payment, login, and other sensitive information on web servers. The vulnerability, which was dubbed Heartbleed, offered a chance for hackers to intercept information such as passwords, logins and decryption keys, which would give them free reign in user accounts.

Other OpenSSL Risks

Sites using OpenSSL worked quickly once Heartbleed was discovered to close the gap. Users were asked to change passwords as tech teams worked to restructure code. Still, the damage to trust was done: If Heartbleed had one door, all SSL varieties may have others. That’s why OpenSSL risks should be taken seriously (as a consumer and business owner).

Protecting Your Information

At a time when so many banks and organizations are moving to paperless communications and procedures, it’s not a viable option for most to disconnect from the Internet (thus eliminating OpenSSL risks). Instead, protect yourself by following good password and account management protocols. Somethings to do include:

  • Logging into all personal accounts to check statuses.
  • Changing passwords on all accounts immediately.
  • Setting a schedule for password changes—go no more than 90 days without changing passwords for each account. Or, use a password vault so you can use extremely robust passwords that you can’t remember.
  • Monitoring account activity on a regular basis—log into credit and checking accounts several times a week if possible to ensure no suspect activity is occurring.

Were you exposed to OpenSSL risks with Heartbleed?