There’s been quite a bit of stir since a bug that impacts a significant portion of the Internet, and by default all of us as web users, was announced publicly on Monday. In short, it is a flaw found in a software package called OpenSSL that is used by a wide range of companies. A list of potentially vulnerable firms is here (as of yesterday that included Yahoo, Fool.com, Entrepreneur and EventBrite among others).
Many service providers serving the financial services industry have been issuing statements throughout today on the status of their efforts, including popular password tool RoboForm and leading CRM provider Redtail Technology. The challenge, in an age of integration, is for all technology partners in the ecosystem to coordinate the patch and response to Heartbleed, considering how data and connections to services are passed back and forth behind the scenes.
What Can You Do?
There are not a lot of steps you can take in this instance, but there are some key steps you can perform to respond, and we’ve outlined those below.
- Ask your key providers – yes they’re getting heavy volume based on this – but they should also have prepared information and responses ready to serve you.
- Once you can confirm if a provider was impacted, and if the vulnerability was patched, then change your passwords. This includes critical sites used for banking, investing/insurance and healthcare. As security researcher Brian Krebs told the New York Times, you don’t have to wait to change your password. You can always change it again. It is a small inconvenience versus losing extremely sensitive information.
- For major providers like banks or custodians, you should be able to check their respective web sites for more information. For example, PNC Bank has it on their home page, though a search of several other financial services industry sites turned up no mention. That does not mean there is an issue – many firms have proactively announced they were never impacted by the issue.
We’ll be discussing this more over the weekend in the Digital Well podcast.