Free Enterprise - The FindLaw Small Business Law Blog

'Heartbleed' Flaw: What Businesses Need to Know

A newly discovered security flaw called "Heartbleed" has many businesses scrambling to beef up their online security.

The Heartbleed flaw affects websites that use security software called OpenSSL to protect users' data and passwords. As The Washington Post explains, sites vulnerable to the flaw are like doors with defective locks. No matter how often consumers change their passwords, if the "lock" is broken, user data is vulnerable.

So what does your business need to know about the Heartbleed flaw?

Heartbleed Makes SSL Less Secure

Your business' website can use various levels of security to thwart hackers and spammers, and offering a secure, trusted connection to consumers is a real asset. Many business sites use a protocol called SSL to establish a secure connection with consumers when exchanging data like passwords or credit card numbers.

Sites with SSL protection have "https" ("s" for "secure") at the beginning of their Web addresses, and most browsers will display a "padlock" icon showing that those sites are secure. But for business servers using OpenSSL -- a free implementation of the SSL protocol -- that padlock is broken.

The Post reports that almost 10 percent of "secure" sites (among 1,000 sites tested) are vulnerable to the Heartbleed flaw, although more than 50 percent don't use any sort of SSL.

An online "Heartbleed test" has been created to determine if a site (or server) is vulnerable to the Heartbleed flaw, and companies are already informing consumers of potential security issues.

What If Your Business' Site Is Affected?

If your business' site is vulnerable to the Heartbleed flaw, don't panic. The OpenSSL project has addressed the Heartbleed issue in its newest versions, so the fix for businesses may be a simple upgrade, reports Threatpost.

Business owners can potentially be held liable for data breaches if they do not act reasonably to protect consumers, so make sure to take steps to fix your site's "lock." The Post reports that Yahoo, Amazon, Ars Technica, and Etsy released statements to users concerning the Heartbleed vulnerability, and your business may also want to notify consumers.

Calming consumers down and telling them about your new security measures is smart, and notifying them of issues or recommending password changes may also help you avoid future liability.
