Anybody who has been reading IT news in the last couple of weeks will have heard about Heartbleed. Although it’s often been referred to as a “bug” or “virus”, it is actually a security exploit which was discovered in OpenSSL, a popular piece of software used to encrypt sensitive information.

What does this mean for the average layperson? Put simply, if you have an account with any affected website or service, then attackers may have been able to use the Heartbleed exploit to access your information, including usernames and passwords.

When it was discovered, many news sites recommended that users change their passwords instantly. However, this may not have helped; if you change your password with a site that has been affected by the Heartbleed exploit before they have updated their OpenSSL software to fix it, you remain at the same risk as if you hadn’t changed anything. It’s only once the exploit has been resolved that changing your password will help.

There is no need for mass panic however; Heartbleed does not affect all sites and servers, only those who used the vulnerable OpenSSL software in the first place. The announcement of Heartbleed was quite quickly followed by reassurances from major banks and retailers, including PayPal, Amazon and eBay, that they did not use OpenSSL and were therefore not at risk.

The Heartbleed panic does highlight one common issue for many IT users; password security. Your password is only as secure as the site you enter it into, and this is why it is always recommended that you use different passwords for different sites. If you have the same password for your online banking as you have for an unrelated site which was vulnerable to the Heartbleed exploit, then yes, you certainly should change your online banking password – and change it to a unique one that you don’t use elsewhere.

To ensure that your online information is safe, you should always use unique, secure passwords that are easy to remember but not easy to guess; and you should change them regularly. If you haven’t changed any of your passwords within the last year – and most people don’t change their passwords that often – it is a good idea to change them now.

Here at Tristar, we offer expert IT support in London, so if you are concerned about the security of your network or would like more information on how our services can help your business, we would be happy to hear from you - just call us on 01707 378453 to speak to our friendly team.