Guest Columnist

Column: Business owners vulnerable to Heartbleed bug

Guest columnistMay 5, 2014 

Carla Turchetti is a small-business writer and journalist. Reach her at cturchetti@nc.rr.com.

PICASA — CONTRIBUTED PHOTO

If your business has a website or a social media or email account, someone might have seen your online activity without you knowing it.

That’s because of the Heartbleed bug, which has proven to be a massive vulnerability in the popular open-source Web encryption software OpenSSL.

Last month, researchers announced they had found a security bug within OpenSSL that could have exposed computer users to eavesdropping.

SSL, or Secure Socket Layer, is supposed to ensure privacy whenever information is transmitted over the Internet. If an unintended third party tries to monitor online communication such as email, a website order or a Facebook post, it should appear to them as a string of characters or letters that don’t make sense.

The Heartbleed bug allows third parties to see what was being transmitted – even on sites using OpenSSL.

SSL technology includes an option for using a “heartbeat,” which is a message that one computer sends to another to let it know it’s online.

Security experts say Heartbleed has made it possible for one computer to send a message that tricks another computer into sharing sensitive information, such as credit card numbers, passwords and encryption codes that scramble data.

The researchers who discovered the flaw have developed new software with a fix for Heartbleed; however, they believe the bug had been around for about two years before it was noticed.

Major website service providers have applied patches, but owners should make sure their host company is running the latest version of OpenSSL, which has the fix.

Also, get the new Open SSL if you host your own site. Google Chrome offers a “Chromebleed” extension that alerts you if a website you are using or are searching for is currently being affected by Heartbleed.

Small-business owners should also change all of their passwords, which will stop hackers from being able to access their information.

Matt Carter, president and owner of PC MedEvac in Cary, said the safest passwords are the ones that are memorable and personal.

“I like song titles and funny expressions,” he said. “People can figure out your birthday or anniversary or your kids’ birthdays, but they can’t look inside your head and know if you think that’s a good song or a lyric.”

Carter said other strategies for creating a strong password include stringing words together in a rhyme or selecting something memorable from a favorite Bible verse.

Passwords increase in strength the more meaningful and personal they become. Plus, you’re less likely to forget them, he said.

The Heartbleed bug won’t be the last computer security flaw to surface. The challenge for small-business owners is to stay up to date on issues and ward off any potential security breaches that could compromise customer data or key information about the business.

Carla Turchetti is a small-business writer and journalist. Reach her at cturchetti@nc.rr.com.

News & Observer is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service