Heartbleed Bug Exposes Millions Of Companies And Individuals To Massive Data Theft

A serious vulnerability, the Heartbleed bug, has been discovered in the widely used OpenSSL software by Google and security firm Codenomicon. OpenSSL software is routinely used in servers, operating systems, email and instant messaging. It is supposed to protect sensitive data as it travels across the internet. Individuals accessing a website secured with SSL would see a padlock icon on their browser but, with Heartbleed, the site could be far from secure.

As the Heartbleed exploit leaves little trace it is not clear how much damage has been inflicted. The potential damage to companies and individuals is huge, as both the keys that companies use to encrypt transactions and the user names and passwords that individuals use to access secure sites may have been compromised. The race is now on to fix this problem.

This highlights the fact that companies need to put security high on the list of priorities when selecting web vendors and technologies; they need to stop thinking of their website as a classic “Buy it and forget it” fixed asset and start to see it as something which needs ongoing support and protection.

At SilverDisc, security is a core part of our business. Data integrity is at the heart of all our work and not an afterthought or, worse, hardly considered as at many other agencies. We come from technical origins and our founder, Alan Perkins, has even coded missile defence systems in his time!

Getting things right from the start helps build web security, but this needs to be complemented with vigilance and the recognition that these challenges exist and are getting worse. To deal with these issues there are three questions every company should ask whether looking at new website solutions or just upgrading.

Firstly, does the supplier engineer security into the site from day one?

Secondly, do you get ongoing support to keep the site in good order in a way that deals with threats as they emerge?

Thirdly, does the potential supplier have a dedicated systems team tasked with website security?

If the answer to any of these questions is no (or “Don’t know”) then you need to think about the reputational risks that are being taken and how cyber attacks could damage your business. Many of today’s websites need updating, not only because of the obvious dated look and lack of mobile and tablet support but also because of the financial and reputational costs associated with a security breach.