When you visit a web site, through a “secure connection”, in theory the information is encrypted and can’t be accessed.
According to CNN, “Cybercriminals could exploit the bug to access visitors’ personal data as well as a site’s cryptographic keys, which can be used to impersonate that site and collect even more information.”
Just do a Google search for “Heartbleed” to see what you need to do.
But in short, you need to a) ensure that the web sites your use have fixed the Heartbleed security flaw b) if they’ve done this you need to then change your password.
There seem to be so many security holes, flaws and ways for un-authorized users to access your network. Here’s what you should do to be as secure as possible:
- Be vigilant and aware when major secure flaws are announced by the general media
- Sign up and/or be aware of security notifications from your software vendors
- Regularly update your computer software (browser, operating system, software)
- Backup your data and related software and applications
- Train your staff (and you) in the basics of computer security
- Be vigilant and smart (don’t write your password on a piece of paper, for example)
- Consider “two factor authentication” to have not only a password to access your web sites but also a secret code provided on a cell phone or other 3rd party device
Here’s some popular small business online software and how they been affected by Heartbleed
Quickbooks online - not affected
GoDaddy – if you use their SSL services read this statement in what to do
PayPal – not affected
Dropbox – was affected but has patched it’s servers – password reset probably needed
Evernote – never affected, was secure
Asana – was affected, fixed their servers – you might want to change your password
Most all banks appear to have not been affected
Infusionsoft – not directly affected at all. However read this thorough blog post for more details.