The Heartbleed Internet security bug has a scary name, but how does it affect you as a small business owner?
Here’s what you should know about Heartbleed — and what you can do to protect yourself and your business.
1. What is Heartbleed?
Engineers at Google discovered the the flaw and announced it to the world on April 7 — the same day a fix became available. About 17 percent of all secure websites were affected by the bug, according to internet services company Netcraft. Other estimates found that two-thirds of all websites were at risk when the bug was first discovered.
You no doubt know that entering sensitive information into a non-encrypted website is a bad idea. If the URL doesn’t begin with “https,” the page isn’t encrypted and hackers could potentially steal your information.
Software installed on a server encrypts the data so it can’t be intercepted. One of those programs is OpenSSL, which is is widely used by businesses all over the world, including giants like Google, Yahoo, and Amazon Web Services.
A Google engineer found a vulnerability that allowed a piece of code to be attached to a routine message sent to a server. This malicious code could give hackers access to the encryption keys allowing the data to be unscrambled. In other words, the server could be tricked into giving up the unlock code to sensitive data.
2. Is it a virus?
Heartbleed is not a virus. It is a security hole specific to the OpenSSL software. It’s not being replicated as a virus would, so you don’t have to worry about infecting your customers or your customers infecting you.
Read more from Intuit Small Business