3 Hard Facts About the Heartbleed Bug and How to Protect Your Business IT

It’s been all over the news: panic, fear and confusion.

The Heartbleed bug has everyone wondering how vulnerable they are and what they’re supposed to do about it. It doesn’t help that some of the news reports are overblown or downright inaccurate.

Let’s stick to the facts, shall we? There are 3 key misconceptions that need to be busted here.

1: Heartbleed is not a virus

What we’re looking at with Heartbleed is a programming defect — a “bug” — in common security software called OpenSSL. OpenSSL is used to protect https:// websites and secure mobile apps, as well as playing a role in the Apache Web Server and many security software vendors’ products.

This bug lets hackers get remote access to potentially sensitive data that should’ve been protected.

2. Heartbleed is not new

The bug has existed for roughly 2 years. It’s in the news this month, but it the risk has been there in the background for far longer.

3: Heartbleed is not everywhere

It`s only found in systems using the OpenSSL library. Other systems will be unaffected.

However, Heartbleed goes beyond websites. Other products such as databases may be affected too if they use OpenSSL.
What to Do
Check with your vendors to see if they use OpenSSL and, if so, whether they’ve patched the security hole yet or not. After patching, they should also generate a new security certificate and key.

After each of your vendors applies a patch, change your passwords on their systems. Don’t change your passwords before the bug has been patched, as this will leave your new passwords vulnerable.

360ict provides managed IT services, security and support to SMEs in central London and the south-east. Call us on 0208 663 4000 for free advice on how to protect your business IT.