Cloud & IT

The Heartbleed bug is bad news for most companies, including small businesses, both because it potentially leaves
customer data open to hackers and because of the scale of the web traffic involved. Even though the weakness, which exploits
a flaw in popular open source encryption software.

Open SSL has been around since March 2012, its existence has only come to prominence in April this year. Worryingly, experts believe that up to two thirds of all websites have been compromised so how do you know if your business or data is at risk?

Open SSL runs on web servers and was designed to protect traffic that carried personal data between users and
supposedly secure sites such as banking and shopping carts. It’s used widely across the web, from huge companies such as Yahoo down to small e-commerce sites.

But it has now emerged in what has been dubbed the world’s ultimate web nightmare that these encryption keys
could be lifted from the sites themselves if the Heartbleed bug had compromised them. Worse, it can be done without leaving a trace.

“The main worry is for small e-commerce sites that do not know they have been affected,” says Keith
Cottenden, director at cybersecurity specialists CY4OR told the BBC.”Any business that takes customer details could be
vulnerable because this encryption is designed to protect personal data. Businesses need to apply mitigation now.”

Effective and robust data security is business-critical for companies of all sizes, but the cost is often disproportionately high for
smaller outfits.

While bad data handling can cost clients and trust both key to the success of small businesses many companies have inadequate systems in place, either because of a lack of resources and understanding, and rely on a head-in-the-sand approach when something like Heartbleed occurs. But the expert opinion in this case is that no company can
afford to ignore Heartbleed.

The bug has been around for two years, meaning that anything held in that time could potentially have been accessed if your website relied on Open SSL for secure communications with users, and there’s no way of knowing if this has happened. While the advice to users is to change passwords once sites have been fixed, the onus is on sites to update their security systems
first, otherwise the new password is also vulnerable.

Key steps to take to make sure any data such as credit card details or passwords that your site holds is secure includes updating Open SSL on each individual internet-facing computer you have, as well as revoking your SSL certificates and generating new ones.

If you have an IT department, they should be able to sort this for you if not and this sounds confusing, then it is likely that you need assistance from specialists for this and other data security needs.

Cyber crime can be an annoying and time-consuming menace for small businesses. Computer crime is on the increase, but many small and medium-sized businesses lack the resources to deal with it effectively, and resort to burying their heads in the sand and hoping it will never happen to them.

MPs warned last year that low-level cyber crime, mostly financial, was becoming so prevalent and commonplace that it was falling into a ‘black hole’, with most never reported to police.

Cyber crime can take many forms, but is often related to financial or phishing scams, which aim to get financial details so fraudulent activity can take place, or paralysing networks with botnets or malware, which spreads viruses and stops websites working properly. Increasingly, attacks on computer networks are designed to steal data which can then be sold on.

Solutions are hard to come by, as the exact nature of the problem varies from case to case and as hacking techniques evolve. Unlike telephone fraud, which also remains a significant problem, but requires human-to-human contact, cyber crime can affect vast numbers of machines and website simultaneously.

There are no guarantees, but here are our top five tips to give yourself the best chance of avoiding a cyber attack:

1) Use trusted anti-virus software protect your PC from viruses, malware, trojans, worms and more, and get regular scans to detect any potential problems. Costs vary enormously, so check the detail of what’s included and if in doubt get a higher level.

2) Don’t click on any email or twitter links that look strange most web crime still circulates via email, so be alert to this and don’t click on or open anything you don’t recognise, or from an unknown sender.

3) Keep your software up-to-date – Hackers exploit software flaws, but makers often provide patches when these become evident, which you’ll need to update to make use of. Don’t ignore your computer’s attempts to upload new versions of programs.

4) Back-up your data that way, even if the worst does happen you have a working version to restore to. Ideally keep the back-up off site, or in a fire safe.

5) Register for Nominet’s new anti e-crime services – The internet domain-names registrar is launching Nominet Cyber Assist, aimed at SMEs, and is offering 1,000 businesses the chance to try it for free. Register your interest in the service, which aims to keep websites secure and operating.

Cyber crime will always be out there and it could still happen to you, but following the tips above will give you the best chance of avoiding it.