Heartbleed, a bug in the design of OpenSSL, exposed the private data of millions of users and thousands of businesses. Many businesses use services affected by Heartbleed to transfer sensitive data. Heartbleed proves that when it comes to data security, good enough is not good enough.
To be specific, Heartbleed is a security bug in OpenSSL. OpenSSL is a piece of software designed to encrypt data, protecting data from the prying eyes of hackers. Heartbleed exposes that data.
It is estimated that as many as 66% of all web sites have been affected by Heartbleed as OpenSSL is a popular and widely-used piece of security software. Many of the sites affected are commonly used by enterprises to transfer files and other sensitive information. These sites and services include Google Drive, Dropbox, and Box, all of which are used by many businesses because they are popular and inexpensive. Each of these sites claims to protect your data using encryption, but Heartbleed has shown that their security was just not good enough. We know now that for the last two years each of them, along with many other “secure” content-sharing sites, potentially exposed their users’ data to hackers and other people with malicious intentions. When it comes to data security, yours should be excellent, not just good enough
So what do you do if you use one or more of the sites impacted by Heartbleed?
First and foremost, change all of your passwords on any of the affected sites. Most of them have now issued patches for the bug, which will solve your problems for the short-term.
Second, and even more importantly, you need to find a better long-term solution for file transfer and collaboration within your company. Research the most secure file transfer services available and set aside budget to invest in one. By doing this, when the next Heartbleed comes along, you will feel safe knowing that you are using a service that goes above and beyond for security and does not settle for good enough.