A bug was found in a popular piece of software called OpenSSL which drives a large proportion of security and encryption across the web.
Ultimately, this means that for the past 2 years or so, many of the websites you assumed secure were not. The bad news is that this may expose some highly sensitive sites and services you use including your internet banking.
You can read more on this bug here:
From a practical and non-tech perspective, this is what you need to do:
1. Every site or service you use that needs a password should have a unique password
I’ve mentioned this in the past, but again: you should never use the same password on more than one site or service. If you’re using the same password everywhere, all it takes is for one of those sites or services to get hacked and the intruder has access to every site you use on a regular basis.
2. Having too many passwords to remember is no excuse for poor security, use a password manager
I’ll be blunt here: being lazy is no excuse for poor security. We live in a digital world and frankly, the sooner you accept that you’re going to have to learn a new piece of software or implement new processes in your business on a regular basis, the better. There is always a tradeoff between security and convenience, and laziness is no excuse for poor security.
A password management tool will dramatically reduce the pain of managing passwords and logons. Two popular apps are 1password.com and lastpass.com. Both are secure and allow you to sync your logon information across multiple devices, so you have access to your passwords on the go.
3. Turn on two-factor authentication if it is supported
Two-factor authentication means that as well as having a username and password, you have something else to verify the logon, such as a security token or your mobile phone, to which a one-time code can be sent by SMS or on which an authenticator app can generate one.
Many popular services such as Google Apps, Facebook and your internet banking support two-factor authentication. It’s absolutely worth investing a bit of time and getting this enabled on any key internet services that support it.
Here’s a great article from Lifehacker with a video explaining two-factor authentication as well as a list of popular services that support it:
4. Change your password on critical services
If you’re not already using two-factor authentication, or you are using the same password on everything, then you’ll need to change your passwords on your critical services.
Before changing a password, it’s worth checking that each service has patched the bug, because a new password entered on a site that is still vulnerable can be exposed just like the old one. Here’s a testing tool you can use to confirm whether a website is vulnerable:
5. Test your own website and services to make sure they are secure and fix the bug if not
If you’re running an ecommerce store or some other online app, it’s important that you take responsibility and make sure that this bug is patched. This is easy: test your site using the tool below and, if it shows as not patched, get the wheels in motion to get it fixed:
6. Accept that software bugs are a part of doing business
Most businesses today run on technology, which means that from time to time bugs are going to need patching. It’s not a big deal; it’s part of doing business. The sooner you accept this and build it into your business processes, the less risk there is around technology. Building this into your business means that you’re using up-to-date technology, you’re installing patches on a regular basis, and you have a relationship with someone who’s responsible for managing and maintaining your technology assets.