The Heartbleed virus has struck websites across the world and put people's online security at risk. While the phenomenon has created a mass panic, there are still a lot of people who don't know what Heartbleed is or how it might affect them. Here's a quick description of what the virus does, how it might affect your network, and what you can do to make sure your business network remains as safe as possible with a minimum of risk moving forward.
The Heartbleed virus is an exploit that can affect any website or program using OpenSSL cryptography. The program targets the Transport Layer Security, or TLS, protocol. The virus gets its name fr om the fact that it targets the heartbeat extension. The heartbeat extension is a periodic signal sent to the server sent every few seconds to indicate that the user or connected computer is still there. If the heartbeat isn't received, the machine assumes that the connection has failed. By piggybacking onto this protocol, Heartbleed manages to slip in undetected and then transmits personal data, particularly passwords, to the user who sent the virus. This represents a major security breach for many networks.
As a result of the Heartbleed virus, many of the most commonly visited websites across the world have been compromised. Nobody is sure the exact extent of the damage or whether your personal or business information might have been stolen. All anybody can do is take the most cautious scenario possible. Most websites that use OpenSSL, including social media networks such as Pinterest and many online storefronts, have worked around the clock in order to make sure that the security loopholes opened by Heartbleed have been closed. Even then, the fact that they don't know whose personal information might have been accessed means that all activity will be carefully scrutinized.
For individuals, the best way to protect yourself from this virus is to make sure you change all your passwords. Passwords should be easy for you to remember but complex enough for other people not to guess. You should make sure it contains uppercase and lowercase letters, special symbols such as @ or &, and numbers. These passwords shouldn't be based on a name or dictionary word, and they should never be something that has a strong personal connection to you, such as the name of a pet, your birthday, or a favorite vacation spot. You should also make sure not to repeat passwords at different sites. If you do, somebody who guesses one password can potentially access all of your accounts.
When it comes to securing your business, many of the same principles hold true. You should make sure that your employees change their network passwords immediately. The best way to do this is to force a reset by assigning new temporary passwords that then require the employee to come up with a new password upon signing in. Some network software will also allow you to put certain requirements in place, such as the presence of a number and a special character. You should also examine your network infrastructure. More than likely, you use some variation of OpenSSL in your day to day protocols. Make sure you are current on all software and security updates.
If you rely heavily on remote networking, you may have a few more logistical issues to deal with. In addition to having to deal with the password reset and security update steps outlined above, you should make sure that all your hardware is accounted for. Make sure you have each employee in the field check in with the serial number of their laptop, tablet, or other mobile device. If you employees log in using their personal devices, you should make sure they report any instances wh ere those devices go missing or leave their possession for a time, even if it's just bringing the device in for repairs. Anytime a device leaves somebody's possession, your network runs the risk of getting compromised.
The best news about a cyber attack that is this widespread is that the industry as a whole has reacted very quickly. The exploits that Heartbleed took advantage of are already being closed. However, that doesn't mean you should relax your own vigilance. Take care of any holes that might exist in your own network and make sure your employees know how to keep their personal and business information secure.