Last week, news broke of a major bug, called Heartbleed, in OpenSSL, a program used to encrypt data on about 66% of web sites. OpenSSL protects sensitive information like passwords and social security numbers. The bug basically makes all of that data vulnerable. As a digital marketer, you will need to take major steps to keep data for yourself, your company, and your clients secure.
What You Need to Do Right Now to Avoid Heartbleed:
Change all of your passwords.
All of them? Yes, all of them. Not every web site is affected by Heartbleed but many are, including Google, Facebook, Dropbox, and Tumblr. There are certain sites that do not use OpenSSL. Many of these include banks and other sites that transmit very sensitive data that use extra levels of encryption. Regardless, it is better to be safe than sorry. If you don’t know if a site uses OpenSSL, you should still change your password. One note: You may want to wait till you change your passwords. If you change your password before a site has implemented a security fix, your private information could still be vulnerable. Mashable has put together a great list of affected web sites.
Check announcements from sites you use frequently.
Many sites that use OpenSSL have already issued fixes but some have not. Make sure you keep abreast of the news for sites you use regularly to find out if they have fixed the bug yet. This is actually the most important thing you need to do. These fixes need to be implemented manually, and it’s very possible that some sites may take a long time to fix the bug.
Avoid sites that haven’t implemented a fix.
If you discover that a site has not implemented a security fix for Heartbleed, you should avoid it for the time being. Utilizing any site without a Heartbleed fix could potentially put your data at risk.
Fix your own sites.
If you use OpenSSL on any of your own web resources, make sure your IT department fixes the bug on your sites immediately.
Inform your clients when you have secured their data.
Once you have taken steps to secure your own data, make sure you communicate to your clients that you have implemented a fix. Then, if they use passwords for your site, make sure they change those passwords.
