Security Update: The Heartbleed bug

Robbie Moss

Blog, Dominion Payroll News, HR Management, HR Topics

The security of your account is extremely important to us at DP, and so we want to inform you that we have taken action in regard to this vulnerability, which has affected a vast majority of websites on the Internet.

As soon as we received information about the Heartbleed bug, our team got to work.  First and foremost, we ensured that our payroll software (Empire and PayChoice) was protected.  Then, we worked with each of our third-party vendors to ensure that they, too, were compliant.  This includes services such as E-Hire, FileGuardian, HR AnswerLink, and more.  Our website was then patched to bring us up to 100% compliance.

What do I really need to know about Heartbleed?

This was a very critical bug that many still don’t understand.  There’s a lot of technical jargon out there that hasn’t been translated for the casual internet user, and so we want to take the time to inform you in a way that is easy to understand.  First, any regular website that you only visit should not be a concern to you.  As for any website that you’ve logged into with a password or any kind of credentials, it is extremely important that you change those credentials as soon as possible.  For example, having visited the DP website in the past should not concern you – you can’t sign into it, exchange data, or create sessions.  However, any site that offers you shopping, banking, or anything that has required you to create an account should be your utmost priority.  Think Amazon, eBay, Wells Fargo; the list goes on.

What is Heartbleed exactly?

Heartbleed is a vulnerability in OpenSSL, code used by millions of websites.  OpenSSL was designed to protect sites; however, this bug allowed hackers complete access to compromise them.  Additionally, any compromise would go undetected – you would never know it happened, and there is no way to trace it.  You can find out more at www.heartbleed.com.

As an HR manager, how concerned should I be?

You should act on behalf of your company and all of your employees to inform and educate.  Any organization that uses SaaS software, such as HR or payroll systems, can be affected.  Many SaaS providers did not use OpenSSL, and many fixed the vulnerability as soon as they found out about it, but it is extremely important to check with your provider to ensure that patches have been implemented and that their SSL certificates have been revised.

How can I check my website and others?

You can go to https://filippo.io/Heartbleed/ to discover more about any websites that you have gone to before.  If a site is vulnerable, contact its owners and ask them why and whether they can offer a timetable for corrective action.