Security experts have advised that the Heartbleed computer bug risks extend beyond just websites and are warning UK SMBs to check that their HR and payroll software is not at risk. Using vulnerable OpenSSL code which may be found in some SaaS (software as a service) or online web platforms, the widespread bug could enable hackers to compromise systems undetected and collect sensitive personal and financial data and even the decryption keys themselves.
With HR systems holding personal information such as bank details, passport numbers and payroll information, companies need to ensure this data is secure. Paul Beaumont, Managing Director of Octopus HR, says: “It is vital to know that your software provider takes its responsibility to security seriously and invests accordingly. Octopus HR invests heavily in the security infrastructure around its system and has been unaffected by the Heartbleed bug which, whilst hitting the headlines now, has actually been around for the last two years.”
“While I’m pleased to say that Octopus HR has not been affected by this security flaw there may, however, be some providers whose software has been vulnerable to an attack. Organisations that use a SaaS HR system are strongly advised to check with their provider whether their HR system is hosted on servers having used any of the affected versions of OpenSSL. If it does, they have been, and still are, vulnerable to hackers.”
“Companies whose providers are using OpenSSL will have been susceptible to an attack so all users with access to the system will need to change their passwords. However, it is important to check that the software provider has implemented all required security patches and revised their SSL certificates first or any new login details will also be at risk.”
Organisations can check to see whether their provider uses OpenSSL by pasting the URL used to login to the system (beginning withhttps://) into a free online tool.
