April 10, 2014 Blane Warrene

Heartbleed – What Does it Mean to Me?

There’s been quite a bit of stir since a bug that impacts a significant portion of the Internet, and by default all of us as web users, was announced publicly on Monday. In short, it is a flaw found in a software package called OpenSSL that is used by a wide range of companies. A list of potentially vulnerable firms is here (as of yesterday that included Yahoo, Fool.com, Entrepreneur and EventBrite among others).

Many service providers serving the financial services industry have been issuing statements throughout today providing a status of their efforts, including popular password tool RoboForm and leading CRM provider Redtail Technology. The challenge remains, in an age of integration, that all technology partners in the ecosystem coordinate the patch  and response to Heartbleed, considering how data and connections to services are passed back and forth behind the scenes.

What Can You Do?

There are not a lot of steps you can take in this instance. There are some key steps you can perform to repond – and we’ve outlined those below.

  1. Ask your key providers – yes they’re getting heavy volume based on this – but they should also have prepared information and responses ready to serve you.
  2. Once you can confirm if a provider was impacted, and if the vulnerability was patched, then change your passwords. This include for critical sites used for banking, investing/insurance and healthcare. As security researcher Brian Krebs told the New York Times – you don’t have to wait to change your password. You can always change it again. It is a small inconvenience versus losing extremely sensitive information.
  3. For major providers like banks or custodians, you should be able to check in on their respective web sites for more information. For example PNC Bank has it on their home page, though in searching several other financial services industry sites, there was no mention. That does not mean there is an issue – many firms have proactively announced they were never impacted by the issue.

We’ll be discussing this more over the weekend in the Digital Well podcast.

Blane Warrene

Recognized as an industry leader in financial services business development and technology, Blane has worked in progressive roles in operations, technology and compliance in the industry. He co-founded Arkovi Social Media Archiving in 2009 with Carl Cline and Tyson Lowery - successfully raising capital and delivering a modern software as a service solution for business use of social media. Blane also co-founded QuonWarrene with Neal Quon in 2009. In October 2012 Arkovi was acquired by RegEd. Blane continues to advise companies via QuonWarrene. In addition, Blane is a sought-after speaker and panelist at industry and corporate conferences where he brings a fresh and innovative approach to business issues. An avid blogger and well known on twitter, @blano, he is actively engaged in social media providing thought leadership in compliant communications. Blane serves as a board member for the Dennison Railroad Depot Museum, an Ohio national historic landmark.