Heartbleed Computer Bug Risks Extend Beyond Websites, Firms Warned
Small firms have been advised to ensure their HR and payroll software is not at risk from the Heartbleed bug.
Security experts have warned that vulnerable OpenSSL code is contained in some some SaaS (software as a service) or online web platforms. The bug could then enable hackers to compromise systems undetected and collect personal and financial data and even the decryption keys.
Paul Beaumont, Managing Director of Octopus HR, said: “It is vital to know that your software provider takes its responsibility to security seriously and invests accordingly.
“Organisations that use a SaaS HR system are strongly advised to check with their provider whether their HR system is hosted on servers having used any of the affected versions of OpenSSL. If it does, they have been, and still are, vulnerable to hackers.”
He advised that firms whose providers are using OpenSSL change their passwords, but also wanted that they need to “…check that the software provider has implemented all required security patches and revised their SSL certificates first or any new login details will also be at risk”.
Organisations can check to see whether their provider uses OpenSSL by pasting the URL used to login to the system (beginning with https://) into a free online tool.