The Heartbleed bug is one of the biggest online security threats to date. The name alone sounds serious, like a tropical disease crossed with a Taylor Swift song. But apart from scaring us all into changing our passwords from ‘password1’ to something a little bit more secure, what is the Heartbleed bug and why should businesses be concerned?
The bug exists in a piece of open source software called OpenSSL which is designed to encrypt communications between a user’s computer and a web server. It is one of the most widely used encryption tools on the internet, believed to be deployed by roughly two-thirds of all websites. If you see a little padlock symbol in your browser then it is likely that you are using SSL.
It allows anyone to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. In layman’s terms, this means that usernames and passwords, as well as other confidential data, could be read by cybercriminals.
Half a million sites are thought to have been affected including online banking, shopping websites and email accounts. Since the vulnerability has been in OpenSSL for about two years and using it leaves no trace, it is safe to assume that your accounts may be compromised.
Companies are rapidly patching up their systems to secure against it and because so many businesses have been affected by this including Google, Tumblr and Instagram, being infected by the Heartbleed bug does not mean the end of your business.
However, companies that have not been compromised are coming out on top. Apple has been praised for their robust iOS operating systems and has confirmed that all of its devices and web services are safe from the bug. In fact, its devices never used the problematic software in the first place. This foresight will no doubt win Apple more brand advocates.
So whether you are a business or an individual, you should change your online passwords, especially for services where privacy and security are major concerns. Changing passwords is worth doing, and to be honest, it is something you should probably do every six months or so anyway. It is a pain, I know, but it is better to be on the safe side than catch the Heartbleed bug.
What this story does go to show is how important trust is for consumers, particularly when dealing with firms with a strong online presence. They are aware their data is being used and when they feel it may be compromised – particularly with something as sensitive as bank details – they’re likely to get very nervous very quickly, and rightly so.
What this recent news has shown from a PR point of view is that sometimes the most powerful way to influence customers and win business from rivals is to perform particularly well during a crisis, rather than simply pushing positive PR messages.