As Heartbleed began to affect the tech world last month, it has now become inescapable, popularized in all forms of news media. The bug affects more than 2/3rds of all websites and capitalizes on a flaw in SSL (Security Socket Layers). Information once thought to be encrypted online can now be stolen, and the bug is already beginning to claim victims.
Most likely your data is affected which could include social security numbers, credit card numbers, but more commonly your online identity through usernames and passwords. Although it’s still unknown whether successful attacks directly attributed from Heartbleed have occurred. National media coverage is a step in the right direction, as Heartbleed continues to become a more serious threat to the personal identities of millions of internet users. The more the average consumer perceives Heartbleed as a threat, the more likely they will take action, yet all is not in the clear.
As the flood of emails from common sites we use everyday begin to bombard our inbox, a more serious problem with human nature still exists. Apathy will prevent heartbleed from being resolved in a timely manner. How many consumers will ignore the password reset emails and continue browsing the web without a second thought? Too many. And what’s worse is consumers who do change passwords on online accounts are still vulnerable, it’s possible the information was stolen before a website patched the Heartbleed bug vulnerability.
Apathy is why according to a survey conducted by PayPal, 60% of online users use the same password for all online accounts.
Apathy makes Heartbleed a serious threat to the security of the internet. It also leads to ignorance, provoking one commenter on a national news site to share their username and password of their online accounts. The inevitable happened next, they were hacked.
Heartbleed has affected 2/3rds of the internet, yet not all companies are Google and Amazon. Many small business websites have been comprised. Without an internal IT team or partner, it’s very likely local or small businesses have been hacked with data compromised and what’s worse, they might not do anything about it. As a small business, it is your responsibility to alert customers and monitor if your site has been affected by the Heartbleed bug. If so, it is your responsibility to patch and fix the vulnerability.
What to Do if You Are Apathetic
If you are a consumer, take the time now to update your online accounts and create new, more secure passwords. Mashable shared this great guide which shows sites that need passwords changed, and those that don’t, for now.
If a small business, discuss with your IT department or partner any vulnerabilities from the Heartbleed bug. There are many sites that exist to help identify if your site has been affected. Here’s just one.
Daren Boozer is the President & CEO at NCC Data. NCC Data specializes in IT outsourcing and managed services consulting. It is one of the top independently owned IT services and communications companies in the Dallas-Fort-Worth Metroplex.