Richard

Richard Spangler is a leading business development consultant and recognized change accelerator who creates actionable results. An original founder of PlazaBridge Group, he has an intense desire to help growth companies migrate through the maze of issues and to help the executive/entrepreneur accelerate into success while minimizing errors. His expertise includes product strategy and management, entrepreneurship, mergers & acquisitions. Richard has over 25 years of experience in large corporate branding beginning with product management, corporate development and acquisitions for Compaq Computer Corporation. Following Compaq, Richard was the Program Director of Wireless Strategy at IBM, where he redefined the wireless application business. He continued at IBM as the Worldwide Brand Manager overseeing the Aptiva consumer product and new licensing programs for the IBM logo. After IBM, Richard leveraged his extensive experience in web merchandising, technology and strategic management to create 6 startups including Planet Portal Inc., Square Loop Inc., Creative Leadership Adventures, Interpretis Inc. and his current non-profit, PoleFlyers. Richard holds a B.S. from Guilford College and an M.B.A. from the University of North Carolina, Greensboro. Beyond the PlazaBridge doors, you can find Richard flying, golfing or playing the guitar with his band, The Headless Chickens.

May 9, 2014
11:13 am

4 Tips on Heartbleed & Your Small Business: Now That The Storm Has Settled

Now that the hubbub over Heartbleed has finally started to calm down — not that the hubbub was undeserved, but nonetheless it was hubbub — we’re beginning to see the solutions in how to protect your small business from Heartbleed’s OpenSSL bug. For now, try to ignore the accusations of insider trading or pay attention to the potential mad scientist behind Heartbleed, but rather follow this recap of ways to protect yourself.

1) Understanding Heartbleed

Heartbleed is a bug, not a virus. Basically it means that someone can ask a server for data, but not put a limit on how much data the server spits out to them. Here’s a great picture by xkcd.com that explains it:

Without knowing it ever shared sensitive data, your server can actually divulge way too much about your users, their passwords, their encrypted data, etc. That means that a hacker could get your email address and password, and potentially use it to log in to that website under your name or into any other website in which you’ve used the same username/password combination.

2) Protecting Your Computer & Mobile Device

Technically you don’t need to. Heartbleed affects servers, not your PC or cell phone. That being said, the websites you visit and the apps you use may be compromised. Check this website for a list of affected sites. If you have an account on one (or more) of them, we recommend changing your password and checking with the company to make sure they’ve patched the bug.

3) Protecting Your Servers

If you don’t host your own servers — for example, you use GoDaddy or BlueHost — you should change your passwords and confirm that the host has fixed the patch. The same goes if you use Dropbox, PayPal, Evernote, Box, Etsy, or Facebook apps. Go change your password(s). As for your own servers, you should get your network admin to patch them and then change the passwords. The same goes for you routers, network storage devices, and access points.

Kind of repetitive, right? There really isn’t much you can do to actually fix the wound Heartbleed caused. Instead, the best solution is the Band-Aid one: a patch to fix it and a password change. The damage has already been done. The best you can do now is prevent it from reoccurring in the future.

4) What To Tell Your Clients

Conduct an internal security audit and tell your clients that you’ve checked and double-checked that everything’s been patched. Inform them of the potential breaches and inform them — very carefully — that they’re valuable data is probably safe. Lastly, tell them to change their passwords on your site. Heartbleed affected everyone, so don’t be afraid to tell your clients. Better to be on the safe side.