Chances are that you got up this morning to news of "Heartbleed", a serious flaw affecting millions of websites across the world. You may have even received a number of emails from various online service providers telling you that they have successfully patched their servers to correct the problem.
But what is Heartbleed?
A serious problem with encryption
To keep your sensitive information (like credit card numbers and address details) safe from criminals, website operators typically encrypt data as it passes over the Internet. Your web browser establishes a secure connection to the website using a technology called Secure Sockets Layer (SSL) - you should see a padlock icon in the address bar of your browser when communicating via SSL.
The SSL connection acts like a secure pipe between your computer and the website, so that should someone successfully intercept your web traffic, they will not be able to read it. Your data remain safe whilst in transit.
The OpenSSL factor
The Heartbleed problem is caused by a flaw in the software that many websites use to create SSL connections. Although the encryption works flawlessly, there is a problem with the way that unencrypted data is stored on the website, potentially leaving it open to theft by cybercriminals.
Perhaps most concerning is that although the Heartbleed vulnerability has only just become common knowledge, the flaw has been installed on millions of websites for up to two years already.
Among the sites identified as having problems were Google, Facebook, Tumblr, Yahoo and Gmail.
What can you do?
Ultimately, responsibility for patching the OpenSSL flaw lies with website operators, many of whom have been working around the clock to fix problems.
However due to uncertainty about just how long many of these websites have been exposed means that some of your account data could already be compromised. As a result, Get Support are advising all of their customers and blog readers to change their website passwords immediately.
Although many website operators have been admirably open about problems they have encountered, some have refused to comment about whether they have been affected or not. Apple, Ebay and Evernote are among the organisations remaining tight-lipped about whether their clients have been affected.
Some good news
Microsoft do not use OpenSSL for Office 365. This means that Office 365 users have nothing to worry about because data stored in Office 365 accounts has never been exposed by the Heartbleed vulnerability. It's also good news for those businesses using Small Business Server on-site, they are unaffected. However if you have used the same password for Office 365 or your Office network that you use for other websites that may have been compromised, then we recommended changing your password and suggest not sharing passwords between websites and / or your office network.
If you are concerned that your business may have been affected by the Heartbleed flaw, or need assistance with securing your company website and network, give the Get Support team a call now on 01865 594000.