Heartbleed 101 for Not for Profits

Heartbleed is considered one of the biggest global threats to internet security, but what does it mean for Not for Profits? Digital expert Richenda Vermeulen explores the question.

Heard of heartbleed? No, it’s not a new Not for Profit, but it’s definitely something Not for Profits should pay attention to. Heartbleed is being called one of the biggest threats to internet security so far, so what does it mean for your organisation?

Heartbleed is the name of a flaw found in the extremely common security layer OpenSSL, which is an open-source project maintained by a small group of developers.

OpenSSL is the most popular TSLs (Transport system layer) and is designed to make websites trustworthy and recognisable to consumers and protect their privacy and transactions.

A flaw in this system – heartbleed –  now means that sensitive information can be easily exposed to those that go looking for it.

What can you do to protect yourself?

As an individual it’s simple – change your passwords. You may have started to receive notifications from internet giants asking you to change your passwords. For a full list of websites that have been compromised click here.

As a leader of an organisation, your IT department will need to update to the new version of OpenSSL, which is a fairly straight forward process.

However, your organisation may not be using OpenSSL. If your organisation is too small to warrant an IT department, check if security has been breached with your web host or third parties you are collecting donor information through.

So why did heartbleed make headlines?

Heartbleed is considered one of the biggest threats to internet security because it affected so many websites. According to mashable, secure websites with ‘https’ in the URL (‘s’ stands for secure) make up 56 per cent of websites, and nearly half of those sites were vulnerable to the bug.

Brands like Google and Facebook knew of heartbleed before the public announcement on April 7 but many brands like Amazon, Twitter and Yahoo were none the wiser.

It was also worrying for many tech leaders because it was impossible to tell if security had or has been breached. All that was clear was that the bug existed.

So who is behind heartbleed?

The source is unknown, however initial arrests have been made for those taking advantage of the breach.

What is known is who found it. Neel Mehta of Google security discovered heartbleed around March 21. Since then, Facebook and Microsoft donated $US15,000 to Neel via the Internet Bug Bounty program.

Mehta chose to gives the funds to the Freedom of the Press Foundation.

About the Author: Richenda Vermeulen is the Director of ntegrity, a Melbourne-based digital agency that empowers brands to become digital. Prior to ntegrity, Vermeulen spent a decade in the Not for Profit sector, launching social media at World Vision Australia and World Vision USA.