After responding to several retail data breaches, computer security experts have been made aware of a glitch in a popular security encryption protocol, which has left computers, networking equipment, and mobile devices vulnerable to potential cyber attacks, hackers, or cybercriminals. Popular websites such as Facebook, Netflix, Hulu, Yahoo, and Google had initially reported potential vulnerabilities, but have already taken immediate action to patch their systems, update the faulty software, and notify users to update their login passwords. However, what about the small businesses which rely on e-commerce websites to process payments, sell products and services, and store user account information? Although it is highly unlikely your small business may become the primary target of organized cybercriminals, it is possible for your business networks to be compromised by amateur hackers or unauthorized employees who attempt to exploit the software vulnerability. As a small business owner, merchant, or retailer you are accountable for protecting your customers’ cardholder data, personnel information, and sensitive company documents. To ensure protection of your business, learn more about the vulnerability and how it could impact your business operations, and follow the advice to secure your computer networks and mobile devices from potential harm from the Heartbleed bug.
The Heartbleed bug vulnerability manifested from a flaw in the software program code of the Open Secure Socket Layer (OpenSSL) cryptographic application, which is developed by a collaboration of volunteer programmers for the OpenSSL Project. The faulty software code creates memory leaks which can be exploited by skilled computer programmers, hackers, or cybercriminals who could breach computer systems or steal sensitive information being protected by the faulty OpenSSL software. The OpenSSL software is designed to protect secret keys used for encrypted communications of passwords and user names for email, instant messaging, or application data. The vulnerability in the OpenSLL program allows hackers to intercept messages, impersonate users and web services, or steal information being passed between computers over the internet.
The discovery of the Heartbleed bug vulnerability was communicated to the world via information security advisories from the OpenSLL project and via the national cyber security awareness system, maintained by the National Institute of Standards and Technology. However, based on information provided by the OpenSSL project the Heartbleed bug vulnerability has been available for more than a year. The Heartbleed bug is only present in OpenSSL software versions 1.0.1 through 1.0.1, which was included with multiple Android devices and LINUX distributions for OpenSUSE, Ubuntu, Fedora, and CentOS, and OpenBSD. Therefore, any merchants, retailers, or small business owners who rely on the apache server or client operating systems to manage websites, e-commerce, or databases, which have the faulty versions of the OpenSLL software will be affected by the Heartbleed bug.
The biggest concern for merchants, retailers, and small business owners is whether or not their computer system has been compromised during the time period software developers, network administrators, and information security professionals were not aware of the vulnerabilities presented by the Heartbleed Bug. During this period any system running compromised versions of the OpenSSL software were vulnerable to data breaches, stolen security keys, web service impersonation, and unsecure email, internet, or VPN communications. If your business uses smartphones, tablets, or mobile devices with the affected versions of the Android operating system then it is possible these devices could be used by hackers to breach your company’s computer network.
