Let’s face it, as long as computers and devices are networked together, sharing important or private data, people will always try to hack them. One of the best ways to prevent or limit these security breaches is to educate yourself about them or turn to a trusted source that can help support your security needs. Did you know that there is a new threat that breaches computers through the USB port?
While USB threats aren’t anything new – USB thumb drives are well known to be used by some employees to copy and take important files with them when they leave the office – this latest threat is a little different. Hackers have developed a USB stick that can bypass Windows Autorun features and infect your system.
How do these drives work? As you may have noticed, when you connect a device like an external hard drive to your computer via the USB port, Windows will not run, or open the drive. Instead, you will get a window with a number of options, including: Open folder to view files, Download pictures, Play files, etc. The reason for this is because hackers figured out a number of years ago how to put a virus on a USB stick, which when plugged into the computer, would be auto run (started up) by Windows and infect the system.
Hackers have recently figured out how to trick this feature. What they have done is create a flash drive that looks like a USB memory stick. Only, when you plug it into a computer, Windows thinks it’s a plug-and-play peripheral like a keyboard, and will allow it to run. There is memory on the stick, where hackers can write and store a virus or infection, which will then run, infecting the system.
There are four things to be aware of with these drives:
What does this mean for my company? Because these devices are nearly indistinguishable from real memory drives, they are nearly impossible to spot, and therefore to stop from infecting systems. Because these drives are currently hard to find and infection rates are generally low, many companies probably don’t have to worry too much. However, you can bet that these drives will probably become more popular in the near future.
This doesn’t mean that you don’t have to be aware of this risk and understand that these drives exist. Some companies have started to take action by disabling USB drives, monitoring what employees plug into their drives and even providing employees with tamper-proof USB drives.
One thing you might have to concern yourself with is if you allow employees to bring in their own drives. In general, if you take steps to ensure that the drives being used are legitimate and approved by the company, this shouldn’t be much of a problem. Of course, keeping your security systems and anti-virus scanners up to date and functioning is always a good idea.
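What "Windows thinks it's a keyboard" means at the protocol level: every USB device announces its interface classes in a configuration descriptor, and an approved-device check can compare those classes with what the model is supposed to be. This is an added example, not part of the original post; the allowlist, the vendor/product IDs, the descriptor bytes and the policy itself are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define USB_DT_INTERFACE  0x04  /* bDescriptorType of an interface descriptor */
#define USB_CLASS_HID     0x03  /* keyboards, mice and other input devices */
#define USB_CLASS_STORAGE 0x08  /* mass storage: thumb drives, external disks */

enum verdict { ALLOW, REVIEW, BLOCK, MALFORMED };

/* Hypothetical allowlist entry: which roles an approved model may take. */
struct approved_device { uint16_t vid, pid; int may_storage, may_hid; };
struct iface_summary { int storage, hid; };

/* Constructed allowlist; the vendor/product IDs are placeholders. */
static const struct approved_device APPROVED[] = {
    { 0x1234, 0x0001, 1, 0 },  /* company-issued thumb drive */
    { 0x1234, 0x0002, 0, 1 },  /* company-issued keyboard */
};
#define APPROVED_COUNT (sizeof APPROVED / sizeof APPROVED[0])

/* Constructed descriptor of an ordinary thumb drive. */
static const uint8_t SAMPLE_FLASH_DRIVE[] = {
    0x09, 0x02, 0x20, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,  /* configuration */
    0x09, 0x04, 0x00, 0x00, 0x02, 0x08, 0x06, 0x50, 0x00,  /* interface: storage */
    0x07, 0x05, 0x81, 0x02, 0x00, 0x02, 0x00,              /* bulk IN endpoint */
    0x07, 0x05, 0x02, 0x02, 0x00, 0x02, 0x00,              /* bulk OUT endpoint */
};

/* Constructed descriptor of a stick that enumerates as a keyboard. */
static const uint8_t SAMPLE_KEYBOARD_STICK[] = {
    0x09, 0x02, 0x22, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,  /* configuration */
    0x09, 0x04, 0x00, 0x00, 0x01, 0x03, 0x01, 0x01, 0x00,  /* interface: HID keyboard */
    0x09, 0x21, 0x11, 0x01, 0x00, 0x01, 0x22, 0x3f, 0x00,  /* HID descriptor */
    0x07, 0x05, 0x81, 0x03, 0x08, 0x00, 0x0a,              /* interrupt IN endpoint */
};

/* Walk the descriptor chain and count interfaces by class.
 * Returns -1 if a length field runs past the buffer or is too short. */
static int summarize_interfaces(const uint8_t *cfg, size_t len,
                                struct iface_summary *out)
{
    size_t off = 0;
    out->storage = 0;
    out->hid = 0;
    while (off < len) {
        if (len - off < 2) return -1;
        uint8_t blen = cfg[off];
        uint8_t btype = cfg[off + 1];
        if (blen < 2 || blen > len - off) return -1;
        if (btype == USB_DT_INTERFACE) {
            if (blen < 9) return -1;
            uint8_t cls = cfg[off + 5];          /* bInterfaceClass */
            if (cls == USB_CLASS_STORAGE) out->storage++;
            /* Any HID interface can deliver input, so count them all. */
            else if (cls == USB_CLASS_HID) out->hid++;
        }
        off += blen;
    }
    return 0;
}

/* Assumed policy: unknown devices that can type are blocked, unknown storage
 * goes to review, and an approved model must stay within its approved role. */
static enum verdict evaluate_device(uint16_t vid, uint16_t pid,
                                    const uint8_t *cfg, size_t len,
                                    const struct approved_device *list, size_t n)
{
    struct iface_summary s;
    const struct approved_device *entry = NULL;
    if (summarize_interfaces(cfg, len, &s) != 0) return MALFORMED;
    for (size_t i = 0; i < n; i++)
        if (list[i].vid == vid && list[i].pid == pid) entry = &list[i];
    if (entry == NULL) return s.hid ? BLOCK : REVIEW;
    if (s.hid && !entry->may_hid) return BLOCK;
    if (s.storage && !entry->may_storage) return BLOCK;
    return ALLOW;
}

int main(void)
{
    static const char *names[] = { "ALLOW", "REVIEW", "BLOCK", "MALFORMED" };
    printf("approved drive, storage interface:  %s\n",
           names[evaluate_device(0x1234, 0x0001, SAMPLE_FLASH_DRIVE,
                                 sizeof SAMPLE_FLASH_DRIVE, APPROVED, APPROVED_COUNT)]);
    printf("approved drive ID, keyboard iface:  %s\n",
           names[evaluate_device(0x1234, 0x0001, SAMPLE_KEYBOARD_STICK,
                                 sizeof SAMPLE_KEYBOARD_STICK, APPROVED, APPROVED_COUNT)]);
    return 0;
}
```

Vendor and product IDs can be copied by a hostile device, which is why the check also compares the announced interface classes with the role the approved model is supposed to have.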
If you would like to learn more about this security threat and what you can do to stop it, including how we can help minimize risks, please contact us today to see how our systems can help you.
The security of devices used in the office should be a top priority for business owners and managers. It is easy to think that a fully functioning device like a mobile phone is secure, and most of the time it is. The thing to be aware of however, is that there are always hackers looking for security flaws in these products. The latest flaw highlighted happens to be on the Android system.
In early July, mobile security company Bluebox announced that they had discovered a large security flaw in the Android system. The threat centers around a trojan application that can gain access to application data including email addresses, SMS messages, etc, and can get service and account passwords. In other words, it can take over your whole phone.
The way this so-called trojan infects mobile devices is through an app. Hackers have figured out how to tinker with the application’s code, and implement the malware without changing the cryptographic features that are used by Google Play and other online stores to validate and identify apps.
What this means is that the changed app looks legitimate to Google, developers, our phones and us, but it really has malicious code embedded in it, code that could give a hacker full access to your phone. The good news about this is that it can be easily fixed with an update. The bad news about this is that it is up to device manufacturers to actually release the fix. This is because most Android device manufacturers basically own their own version of Android and need to push the update to owners – Google can’t do this. Beyond that, it is up to the device owner to actually update their phone when the fix is released.
If this sounds a little worrying, it should be, especially since this affects every device except for the recently released Samsung S4 Touchwiz. There are things you can do however to minimize the chances of your device being infected by this bug.
If you are careful about what apps you install and take steps to ensure that you only install apps from the Play store, your device should be relatively safe. Google has announced that they have patched their cryptographic features on Google Play, so any new apps going onto Play should be safe from this particular exploit. There is a good chance that they will also correct this issue in a future update to the Android OS (likely 4.3), but older devices may be left out of the loop. So, as we have already told you a few times: Don’t install apps from outside of Google Play, and be sure to follow the tips we talked about above. Should you require more information about Android in the workplace, please contact us today.
When you are finishing work for the day, do you just stand up and leave without turning your computer off? Or, do you take the time to properly shut it down? Talk to 10 different people and you will get 10 different answers as to whether you should leave your computer on at night, or shut it down. And it is definitely one of the most frequent questions we get.
So, let’s take a look into whether you should shut your computer down at night or not. The first thing we should do is look at three myths that surround this topic.
Myth 1 – My computer is safe from power surges if I turn it off
If you live in an area that has an unstable power grid, or is prone to random blackouts, you may be worried about power surges. In truth, if one reaches your computer when it’s off, it will do almost exactly the same amount of damage as if it was on. Therefore, you should ensure that your computer is plugged into a surge protector, even if it’s switched off.
Myth 2 – Leaving a computer on will cause it to overheat
This isn’t quite true. Both laptops and desktops have fans and heat sinks that are designed to cool a computer efficiently while it operates. If your computer has a working fan, leaving it on overnight will not cause it to overheat. On the other hand, if the fan isn’t working properly there is a high chance it could overheat. In other words, if the fan isn’t working, you should get it fixed before damage is done.
Myth 3 – Turning a computer on and off, or leaving it on will cause parts to wear out quicker
In theory, this is actually true. When a computer runs, it gets hot – high end video cards can run as hot as 180 F – and when it is shut down, the parts cool quickly. Anyone with a basic understanding of science knows that many substances contract when cooled and expand when hot. Therefore turning your computer off and on will cause wear from expansion and contraction. Well, in truth, it really makes little difference. Think about other similar electronic devices like your monitor, TV or even phone. You no doubt turn these off and on all the time with no problem. Most computer components are designed for this too. In fact, many are designed to outlast the expected time you will use the computer. This means that the vast majority of people won’t notice a difference.
The truth behind these myths shows that there will be little outright harm to your computer if you turn it off, or leave it on. But the question about which is best to do still remains.
Reasons you should turn your computer off at night
There are four main reasons as to why you should turn your computer off at night:
Reasons you should leave your system on at night
There are three main reasons as to why you would want to leave your system on at night:
So, which is better? In truth, it really comes down to preference and how you work. If you work with an IT partner who manages your systems, it is a good idea to ask them what they would recommend.
If you just use the computer while you are at work, or are worried about potential security threats, then you can probably shut it down at the end of the day. That being said, if you do shut your system down, it is a good idea to run security scans on a regular basis while your system is on to ensure maximum protection.
At the same time, if you leave your system on, it is a good idea to periodically reboot it so important security and program updates can be installed and your computer can be refreshed.
Still not too sure what you should be doing? Why not give us a call to see how we can help keep your systems running and secure.
Have you ever bought something online? There is something compelling about browsing an online store, filling a virtual cart, checking-out and having it arrive on your doorstep a few days later. E-commerce is quickly becoming one of the most popular forms of shopping, but like everything else on the Internet, there are security issues you could run into.
Below are five ways to ensure that e-commerce transactions remain secure:
1. Watch what you share
Many security experts continually warn about this for social media usage, but it is also relevant to e-commerce. Often, when you make an online purchase you will be asked to provide some personal information. This might include your shipping and billing address, birthday, etc. Did you know that many sites will often ask for more information than they really need to complete the order?
The reason companies ask for this additional information is often so they can get to know you better, and provide more relatable, targeted product recommendations. Some dubious sites may ask you for this information and later sell it to a third party. When purchasing online, you should be aware of what information is required – usually indicated by an asterisk – and what isn’t. In order to remain as secure as possible, only share information that is absolutely necessary.
Beyond that, if you are planning to link a digital wallet to your mobile phone, you should be careful who you share or lend your phone to. These services are set to take off in a big way, and there have already been instances of people with digital wallets being duped by strangers asking to borrow their phones in order to find their wallet. It is a good idea to restrict wallet access and not store any valuable information on your phone’s hard drive. Instead, store it on a password protected cloud storage site.
2. Watch how you connect
People are using their phones, tablets and laptops for online shopping in an ever increasing number. This is largely because the devices are convenient and portable – you can shop from wherever you may be. But, what many people fail to realize is that they are connecting to public Wi-Fi if they are on the go. Sure, it is cool to be able to buy your groceries on Amazon from the coffee shop at lunch, but if you have connected to public Wi-Fi, your information is likely wide-open – anyone with the right tools can access it.
You need to be careful when you shop. Don’t enter any valuable or important information like passwords and credit card numbers while connected to public Wi-Fi. If your mobile device has a data plan, switch to that instead. Or, wait until you are connected to a secure network.
3. Verify all sites
When you are shopping online you should verify that the site is in fact legitimate. The easiest way to do this is to take a look at your browser’s URL bar, and more specifically the website’s address. You are looking for it to start with https://. What this indicates is that the website has been authenticated as being legitimate. Most websites like Amazon, Google, Apple, Facebook, etc. all have https protocols. If you don’t see this in the address, you may be looking at a fake website.
If you are unsure, try entering https:// before the Web address and hitting Enter. You should also take note of this URL when you are checking-out, because if there is no https://, the site may be sending unsecure information and if that information is your credit card number then you really don’t want that to be the case.
If you are shopping from a new website, you should take time to look through the extra information like the About Us and Contact pages. Take note of the address and company names, then search for the company on say Wikipedia or Google, taking care to see if the address is the same. Another trick is to search the various social media services like Facebook and Twitter for accounts related to the website.
4. Don’t pay with your bank account
One of the benefits of e-commerce is that it is easy. Because of this, the number of users buying stuff online is growing exponentially. Banks are aware of this trend and have launched services that allow you to pay for transactions with your debit card. The problem with this is these cards are directly linked to your bank account, often with higher limits than credit cards. It can be incredibly tough to get money back if something happens, largely because as soon as your account has been debited, the money is gone.
Many people who shop online use a credit card. The main reason for this is because most banks and card issuers offer online shopping protection, which makes it easier to get money back should anything untoward happen. The best solution could be to sign up for a credit card that is only used for online purchases, and even linked to a separate bank account. This could minimize your losses should something happen. A debit card for an account that has a limited amount of funds in it at any one time can also be a way to protect your main money pot.
5. Don’t link accounts
For convenience, many online retailers like Amazon, Apple, etc. offer to store your credit card number. It is highly recommended that you don’t allow these sites to store your credit card numbers, especially if you use the same account name or email address as other accounts.
If you get hacked, and the hacker finds that you have say an Amazon account with the same username and password, they will likely go on a shopping spree, which could cost you time and money.
Taking precautions while shopping online is a good idea, and could help mitigate the risk of having your identity or money stolen. If you are looking for more information on how to be safe online, or how to ensure that your company’s online store is secure, please contact us today.
As technology and data networks continue to become more advanced, concepts like the cloud have come to the forefront of business technology. There is a high chance that you probably use at least one cloud service on a daily basis, if not more. A common concern about the cloud is overall security of your business’s data. Sure, many systems are secure but there are still attacks and leaks that could harm your business and it would therefore be a good idea to ensure that data stored in the cloud is secure.
Here are four tips on how you can keep data stored in the cloud safe.
1. Cloud encryption is key
When you store files in the cloud, they are actually stored on a server somewhere. It would be a good idea to check with your provider what encryption they use on their servers. In case you were wondering, encryption is the conversion of data and messages into a form that can’t be easily read by unintended parties. With most digital systems, encryption will make files unreadable without the proper key to essentially decode the information and turn it into something we can read.
Checking with the different services you use can go a long way in helping you decide what to store and where. For example, Google doesn’t currently encrypt files stored on Drive. The same goes for Evernote and the free version of Dropbox. There is a rumor that these companies, especially Google, are working on establishing encryption for all files, but this may not happen for a while. Some providers like SugarSync do use encryption but it may not be enough. To ensure maximum security, look for providers that offer at least 128-bit AES encryption. Anything higher will obviously be better.
2. Secure files before they go online
All encryption can be broken and some forms just take longer. To add another level of security, it would be a good idea to encrypt or secure your files before they are uploaded to the cloud. Did you know that popular programs like Office and Adobe Acrobat allow users to encrypt documents with a password?
Another option is to add a password for access before the files are uploaded. There are other options as well, including using a program like Boxcryptor that creates an encrypted folder on your hard drive and links to various cloud storage services. When you place a file into the Boxcryptor folder, it will be synced with the related service and automatically encrypted.
3. Ensure files are secure when being moved
One of the weakest links of almost all cloud solutions happens when information is being uploaded or synced from your computer to the cloud. Some solutions will send information unencrypted, which means hackers will be able to capture the information as it leaves or enters your network or the solution’s network.
You should make sure that the solutions you use encrypt data while it is being uploaded. In truth, almost all of the cloud services do but it would be worth it to check again.
4. Lock down your accounts
This can be a bit of a hassle but it will help keep your account and all of the important information/files stored on the cloud service secure. What do we mean by ‘lock down’? For the most part it means follow standard security protocol: Use a different password for every site and service, change passwords on a regular basis, don’t give passwords away and enable dual authentication if possible.
Services like Google Drive and Dropbox offer two-factor (dual) authentication. What this means is that if you enable it, you will need to do another step before gaining access to your files. This usually means entering a code sent in a text message to your phone or answering a security question.
If you take these steps to ensure that your files and systems are secure, there should be little to no chance of having files or information stolen. We do have to warn you however that nothing is 100% secure, but the more steps you take, the more secure your information will be. And if you’re looking for a cloud storage solution that offers the highest level of security, you can always contact us to see how we can help.
As a small business owner or manager, you are expected by your employees and customers to keep the information shared with you secure. If a breach were to happen, you would likely be the person that they turn to for answers and solutions. It is therefore a good idea to take steps to protect personal information before problems arise.
As October is Cyber Security month in the US, it’s the perfect time to take a look into ways you can make your business and systems more secure. One of the best places to start is to look at how your company stores and protects personal information. Here are five tips that can help you protect personal information in your company.
1. Change your passwords
One of the weakest links, in terms of security, is not the programs, networks, or systems, it’s actually the passwords used to access these. You should ensure that your passwords are strong – at the very least use a mixture of capital and lowercase letters, numbers and special characters like ! or @. This makes passwords harder to crack.
It is a good idea to change your passwords on a regular basis. You should change them at least once a year, but far preferable is to change these every 90 days. This will minimize the chances of your password being hacked and likely increase overall security.
2. One password shouldn’t rule them all
The number of password protected systems and sites that we use on a daily basis is increasing and it can be tempting to have one or two passwords for all of these systems. This is not a good idea though because if one password is compromised, a hacker could gain access to all of your systems and the personal information stored on them.
The best solution is to have a unique password for each system and one that is as different as possible. Using a password manager like Dashlane or LastPass might be worth looking into but just be sure to use a separate password to access this system as well!
3. Don’t keep everything
While passwords are a common way hackers can access systems, another popular way they get in is through malicious links in email, social media posts or online advertising. These links can be viruses and trojans that install backdoors to systems, allowing hackers access to files and potentially sensitive information.
In order to maximize security, you should look at every link and ensure it is legitimate before you click on it. The best way to do this is to look at the sender’s email address and ensure there are no spelling mistakes or weird characters. Look for any strange spelling, and if possible check there is https:// at the beginning of all links. This indicates that the page is legitimate. If a link seems even remotely suspicious, simply delete it.
4. Don’t react immediately
Communications, especially in online ads and emails, often urge you to click immediately. Pause for a moment, inspect the email or links and try to verify them. As a rule of thumb, if it sounds too good to be true, it is. Therefore, think first and don’t click the link.
5. Develop policies
In order to secure your systems and protect information stored within, you should develop a policy for all staff to follow. Be sure to look at how you plan to protect information, where it is stored and how it is stored, as well as who has access to it, how can it be accessed, and what happens when the policy is breached. How do mobile devices/devices brought in by employees fit into the plan?
Once you have developed a policy, communicating it to your employees and ensuring that they are all on the same page in following it is essential. We know it can be challenging to develop an effective policy, so why not contact us? We may be able to help not only secure your private information but also develop a sound policy that is workable.
Email has become the most essential form of business communication. It allows companies and customers to communicate instantly and has generally made life easier. A common problem with email however is that it may not be the most secure platform available and there is often a high cost associated with securing your email. One option available to companies is managed email security services.
What are managed email security services? The key to understanding what this type of service is, is to think of it as outsourcing. There is little doubt that companies need to secure their email but many small to medium businesses lack the staff and expertise to actually do this in reality. One way to secure your email is to simply outsource it to your IT partner.
An IT partner can work with you to establish and secure your email, by intercepting all email destined for your email addresses or domain. Many IT specialists employ advanced scanning software that looks for malicious software, images or even content that contains keywords deemed unsafe. The software then filters out these emails and sends the safe ones to your email servers or inbox.
These services typically allow you to establish and manage filters and black or white lists (black lists are a list of words or email addresses that you do not want to receive emails from). Because the companies that run these services are usually security oriented, they can work with you to ensure that emails coming in, and going out of your organization are secure, and free from malicious content.
Why would companies use them? There are many reasons as to why companies would use a service like this. Here are four of the most common:
What makes a good managed email security provider? If you are looking for a managed email security provider, there are a number of services that good providers should offer. Here are six.
If you are looking for a better email security system, why not contact us? We may have a solution that will work for you.
Did you know that October is National Cyber Security month in the US? This means it’s the perfect time to stop for a minute and think about the security of your digital systems, both in the office and at home. One of the increasingly important areas to focus on however exists in between these systems – your mobile devices. As the number of people carrying smartphones increases, these devices will be increasingly targeted by dubious people and you should take steps to ensure they are secure.
Here are five questions to ask if you want to properly protect your devices.
1. What do I know about Wi-Fi hotspots? With a tablet or phone it can be easy and tempting to check in with the office, write a few emails or even do your finances on the go. This usually means connecting to the Internet, and because so many mobile plans limit the amount of data you can use, you will likely use Wi-Fi.
The thing is, many of these Wi-Fi hotspots found in airports, coffee shops and even in public transport zones are open. This means that anyone with the tools and knowledge could gain access to devices connected to this network. Simply put: Connecting to a public Wi-Fi network or hotspot could put your data and device at risk.
You should take steps to limit the number of important business-oriented tasks you do while connected to these networks. At the very least, you should not allow your device to connect automatically to open or unsecured Wi-Fi networks. By physically signing into networks or choosing what networks you connect to, you can somewhat control or limit security issues that stem from Wi-Fi connections.
2. Do I want a stranger to see what’s on my phone? There seems to be this view that whatever you are looking at on your phone or tablet can’t be physically seen by other people. While your device is relatively small, many are large enough to allow strangers to see what you are looking at and even typing.
If you are sending or reading confidential info on your phone or tablet be sure to check that people aren’t looking over your shoulder or watching you type PINs or passwords. In fact, it would be best to read or type this type of information in private, where other people aren’t likely to be looking over your shoulder and privy to private data.
3. Is my phone secure? Security is a big issue for many businesses. You want to ensure that your information, files and systems are secure from intrusions and threats, and likely implement measures to keep them so. However, few users pause to think about their mobile devices.
Take for example Android’s marketplace Google Play. While the vast majority of apps are legitimate, some are fake and contain malware that could harm your device. Beyond that, hackers are increasingly targeting mobile devices by placing fake apps online or even malware on sites that will automatically be downloaded if users visit the page or click on a link. To combat this you can download a virus or malware scanner for your device and run it on a regular basis. When downloading apps be sure to verify the publisher and source of the app.
Securing your device with a password or pin makes it harder for third parties to gain access should they pick up a lost device or try to get in when you aren’t looking.
4. What info is stored on my phone? Stop for a minute and think about the information you have stored on your device. Many users keep records of their passwords, important documents and even private information. The thing is, many devices are easy to hack, and also lose. If you lose your device, your valuable information could also be lost and potentially stolen.
You should take a look through your information and ensure that nothing incredibly important is stored on your device and if there is, back it up or remove it.
5. Is it necessary for apps to know my location? Geo-location has become a popular feature of many apps. The truth is, many of these apps probably don’t need this information, instead requesting it to provide a slightly better service or more personalized experience.
However, this information about you and your phone could be stolen so you might want to think about limiting how much a third party can see about you. Both Android and Apple’s iOS have apps that allow you to select what programs are allowed to gather and send your location-based information to developers, with iOS actually allowing you to shut down location-based services from the Settings menu.
If you would like to learn more about mobile security, contact us today as we may have a solution that will work with your business.
Malware comes in many different forms, and some of the more common are viruses that infect systems when they are downloaded and opened by the user. Combating any malware can be a never ending battle. It seems as if there is always some new security threat you need to be aware of. One of the latest is CryptoLocker – a new form of ransomware.
Knowledge is power so finding out more about CryptoLocker is recommended, as well as how you can take steps to protect your systems.
What is CryptoLocker? Ransomware is a virus that locks important files or systems and requests that users pay a ransom to unlock them. This is not a new form of malware, but there has been a recent resurgence and CryptoLocker is leading the way.
This particularly nasty piece of malware infects user systems and locks files, threatening to delete them unless the hacker is paid. It is being spread four different ways:
CryptoLocker installs itself to the Documents and Settings folder on your system and then proceeds to search for specific file types like Microsoft Word Docs or Adobe PDFs. It applies an asymmetric encryption which requires both a public and private key to unlock. The public key is stored in the virus itself and is used to encrypt the files. The private key is hosted on the hacker’s server.
What happens if I get infected? If your system is infected your files will be encrypted and a pop-up message displayed informing you that your personal files have been encrypted and that in order to get the key to unlock them (the private key) you need to pay up to USD$300, or a similar amount in another currency. This amount seems to change and has increased, with older versions asking for USD$100.
You will also see a timer counting down from 100 hours. If this reaches zero, your encrypted data will be deleted with a very slim chance of the files being recoverable. The preferred method of payment is in BitCoins – a digital currency. The pop-up window has instructions on how to submit the payment – usually through an online payment method like Green Dot – MoneyPak.
The good news is, once you submit the payment, you will receive a key you can enter to unlock your files. The hackers have said that they won’t re-infect systems, and network security companies have confirmed that so far, this has been the case.
While many up-to-date virus and security scanners will pick up CryptoLocker, most won’t be able to recover or decrypt files even if the malware itself is deleted. If you see the pop-up window, it’s probably too late.
How do I prevent CryptoLocker from infecting my systems? This is a serious piece of malware that should not be taken lightly. If you are worried about your systems being infected, here are five things you can do to prevent that from happening:
Looking to learn more about CryptoLocker and how you can keep your systems safe from it? Contact us today.
The security of systems like servers and computers that connect to the Internet should be of utmost importance for business owners and managers. However, security flaws are always being uncovered which could expose your systems and data to malicious hackers, who could really endanger your business. Over the past few weeks a massive security flaw in cryptographic software has come to light. Codenamed Heartbleed, this bug makes stealing data almost ridiculously easy.
Most sites on the Internet rely on Secure Sockets Layer (SSL) technology to ensure that information is transmitted securely from a computer to a server. SSL and the slightly older Transport Layer Security (TLS) are the main technologies used to essentially verify that the site you are trying to access is indeed that site, and not a fake one which could contain malware or any other form of security threat. They essentially ensure that the keys needed to confirm that a site is legitimate, and to secure communication, can be exchanged securely.
You can tell sites are using SSL/TLS by looking at the URL bar of your browser. If there is a padlock or HTTPS:// before the Web address, the site is likely using SSL or TLS verifications to help ensure that the site is legitimate and communication will be secure. These technologies work well and are an essential part of the modern Internet. The problem is not actually with this technology but with a software library called OpenSSL. This breach is called Heartbleed, and has apparently been open for a number of years now.
OpenSSL is an open-source version of SSL and TLS. This means that anyone can use it to gain SSL/TLS encryption for their site, and indeed a rather large percentage of sites on the Internet use this software library. The problem is, there was a small software glitch that can be exploited. This glitch is Heartbleed.
Heartbleed is a bug/glitch that allows anyone on the Internet to access and read the memory of systems that are using certain versions of OpenSSL software. People who choose to exploit the bugs in the specific versions of OpenSSL can actually access or ‘grab’ bits of data that should be secured. This data is often related to the ‘handshake’ or key that is used to encrypt data which can then be observed and copied, allowing others to see what should be secure information.
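The kind of missing length check behind this memory exposure, as an added illustration that is not from the original article or from OpenSSL's source: a simplified model in which a "heartbeat" message states its own payload length and the server echoes that many bytes back. The function names, message layout and sample bytes are constructed for this example, and the padding that real heartbeat messages carry is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory: a 7-byte request (type, 2-byte
 * claimed length, 4-byte payload) followed by unrelated private data. */
static const uint8_t ARENA[] = {
    0x01, 0x00, 0x10, 'p', 'i', 'n', 'g',        /* claims 16 bytes, sends 4 */
    's', 'e', 'c', 'r', 'e', 't', '-', 'k', 'e', 'y', '!', '!'
};
#define RECORD_LEN 7u   /* bytes the peer actually sent */

/* Pre-fix behaviour: trusts the length field inside the message. */
size_t echo_unchecked(const uint8_t *rec, uint8_t *out)
{
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + 3, claimed);   /* runs past the real payload */
    return claimed;
}

/* Fixed behaviour: the claimed length must fit inside what was received;
 * otherwise the message is dropped and nothing is sent back. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < 3)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - 3)
        return 0;
    memcpy(out, rec + 3, claimed);
    return claimed;
}

int main(void)
{
    uint8_t out[32];
    size_t n = echo_unchecked(ARENA, out);
    printf("unchecked reply: %.*s\n", (int)n, (const char *)out);
    n = echo_checked(ARENA, RECORD_LEN, out);
    printf("checked reply length: %zu\n", n);
    return 0;
}
```

The unchecked version returns the four payload bytes plus twelve bytes of whatever sat next to the request in memory, while the checked version returns nothing for the same input.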
There are two major problems with this bug. The first is that if an attacker can uncover the SSL handshake used by your computer and the server that hosts the site when you log in or transmit data, they will be able to see this information. This information is usually made up of your login name, password, text messages, content and even your credit card numbers. In other words, anything that gets transmitted to the site using that version of SSL can be viewed.
Scary, right? Well, the second problem is much, much bigger. The hacker won’t only be able to see the data you transmit, but also how the site receiving it employs the SSL code. If a hacker sees this, they can copy it and use it to create spoof sites that use the same handshake code, tricking your browser into thinking the site is legitimate. These sites could be made to look exactly the same as the legitimate site, but may contain malware or even data capture software. It’s kind of like a criminal getting the key to your house instead of breaking the window.
But wait, it gets worse. This bug has been present in certain versions of OpenSSL for almost two years, which means that sites using those versions of OpenSSL may have exposed your data and communication. And any attacks that were carried out can’t usually be traced.
What makes this so different from other security glitches is that OpenSSL is used by a large percentage of websites. What this means is that you are likely affected. In fact, a report published by Netcraft cited that 66% of active sites on the Internet used OpenSSL. This software is also used to secure chat systems, Virtual Private Networks, and even some email servers.
We have to make it clear here, however: just because OpenSSL is used by a vast percentage of the Internet, it doesn’t mean every site is affected by the glitch.
The latest versions of OpenSSL have already patched this issue and any website using these versions will still be secure. The version with Heartbleed came out in 2011. The issue is that while sites may not be using the 2011 version now, they likely did in the past, meaning your data could have been at risk. On the other hand, there are still a wide number of sites using this version of OpenSSL.
This is a big issue, regardless of whether a website uses this version of OpenSSL or not. The absolute first thing you should do is go and change your passwords for everything. When we say everything, we mean everything. Make the passwords as different as possible from the old ones and ensure that they are strong.
It can be hard to tell whether your data or communications were or are actually exposed or not, but it is safe to assume that at some time or another they were. Changing your passwords should be the first step to ensuring that you are secure and that the SSL/TLS transmissions are secure. Another thing you should be aware of is what sites are actually using this version of OpenSSL. According to articles on the Web, some of the most popular sites have used the version with the bug, or are, as of the writing of this article, using it. Here are some of the most popular:
It would be a good idea to visit the blogs of each service to see whether they have updated to a new version of OpenSSL. As of the writing of this article, most had actually done so but some were still looking into upgrading. For a full list of sites, check out this Mashable article.
If you have a website that uses SSL/TLS and OpenSSL you should update it to the latest version ASAP. This isn’t a large update but it needs to be done properly, so it is best to contact an IT partner like us who can help ensure the upgrade goes smoothly and that all communication is in fact secure.
Contact us today to see how we can help ensure that your company is secure.