'Heartbleed' Flaw: What Businesses Need to Know

By Brett Snider, Esq. on April 09, 2014 10:30 AM

A newly discovered security flaw called "Heartbleed" has many businesses scrambling to beef up their online security.

The Heartbleed flaw affects websites that use security software called OpenSSL to protect users' data and passwords. As The Washington Post explains, sites vulnerable to the flaw are like doors with defective locks. No matter how often consumers change their passwords, if the "lock" is broken, user data is vulnerable.

So what does your business need to know about the Heartbleed flaw?

Heartbleed Makes SSL Less Secure

Your business' website can use different levels of security to thwart hackers and spammers, and offering a secure, trusted connection to consumers is a real asset. Many business sites use a protocol called SSL to establish a secure connection with consumers when exchanging data like passwords or credit card numbers.

Sites with SSL protection have "https" ("s" for "secure") at the beginning of their Web addresses, and most browsers will display a "padlock" icon showing that those sites are secure. But for business servers using a vulnerable version of OpenSSL -- a free implementation of the SSL protocol -- that padlock is broken.

The Post reports that almost 10 percent of "secure" sites (among 1,000 sites tested) are vulnerable to the Heartbleed flaw, although more than 50 percent don't use any sort of SSL.

An online "Heartbleed test" has been created to determine if a site (or server) is vulnerable to the Heartbleed flaw, and companies are already informing consumers of potential security issues.

What If Your Business' Site Is Affected?

If your business' site is vulnerable to the Heartbleed flaw, don't panic. The OpenSSL project has addressed the Heartbleed issue in its newest versions, so the fix may require only a simple upgrade for businesses, reports Threatpost.

Business owners can potentially be held liable for data breaches if they do not act reasonably to protect consumers, so make sure to take steps to fix your site's "lock." The Post reports that Yahoo, Amazon, Ars Technica, and Etsy released statements to users concerning the Heartbleed vulnerability, and your business may also want to notify consumers.

Not only is it smart to reassure consumers and tell them about your new security measures, but notifying them of issues or recommending password changes may also help you avoid future liability.
