Did The Heartbleed Bug Affect Your 3rd Party Service Provider?April 22, 2014
What measures are your 3rd party service providers taking to protect your data? 8 ways you can help protect your data.
The “Heartbleed” bug sent businesses and individuals into panic mode in order to prevent passwords from being disclosed, personal information from being compromised—and ultimately, assets from being stolen. The Heartbleed bug can cause sensitive information stored on servers to be disclosed, including passwords, usernames, personal information and credit/debit card numbers.
The vulnerability “can potentially impact Internet communications and transmissions that were otherwise intended to be encrypted,” according to an alert issued by the U.S. Department of Homeland Security (DHS). The nature of the bug is complex and it is not yet clear exactly how long this security flaw has existed.
Many websites quickly applied patches to fix the hacking attempt however, as with any hacking threat, you should take the Heartbleed bug seriously and consider following these steps to protect yourself from potential security risks:
1. Ask your 3rd party service providers what they are doing to protect your data. Service providers such as your email marketing service, payroll processor &title mortgage company should have a SOC Audit performed to ensure that the controls are in place so that your data is protected.
Here are a few other steps you can take to ensure your personal data remains protected:
2. Change your passwords. This is always a good idea to do periodically, especially now. The DHS says that you should only change passwords after the vulnerability has been fully addressed at individual websites. Use strong passwords with letters (including capitals), numbers and symbols. Keep passwords long, 10 or 12 characters if possible. A password manager can help you keep track of all of your passwords.
3. If you have the option to do “two-factor authentication,” take it. This security feature is just as it sounds—to access accounts, you have to type in two factors. For example, it might require a password and then a code sent to your smartphone. It’s not available everywhere yet but it can add protection to help keep your data safe.
4. Clear your internet browser cache, history and cookies. Again, this is a good idea to do on a regular basis. Exactly how to do this depends on the browser you use but below are instructions for a few popular browsers (always check with your IT department before proceeding).
For current versions of Internet Explorer. Go to Tools (an icon with gears). Choose “Safety” and then “Delete Browsing History.” There you can check “Temporary Internet files, Cookies, History,” etc.
For current versions of Firefox. Click the Firefox button at the top of the window. Select “History,” then select “Clear Recent History.” This opens up a pop-up box that asks for a time range to clear. Select “Everything” and check “Browsing and Download History, Cookies and Cache.” Then, click “Clear Now.”
5. Beware of e-mail messages promising instant solutions. Be on the lookout for future emails promising to help or asking you to click on links to help rid your computer of the Heartbleed bug. Don’t fall for it!
6. Check your credit card and bank accounts and statements thoroughly. Be sure to review your statements for all charges. If you see suspicious or false charges, contact the issuer or institution immediately to limit your liability.
7. Closely monitor your e-mail accounts, social media accounts and other online assets for irregular or suspicious activity, such as abnormal purchases or messages.
8. Check for the “s.” After a website you are visiting has addressed the vulnerability, the DHS states you should “ensure that if it requires personal information such as login credentials or credit card information, it is secure with the HTTPS identifier in the address bar. Look out for the “s,” as it means secure.
These are general Internet security tips to help protect you from bugs such as the Heartbleed and other attacks. There is no way to guarantee that you will not be affected but you can make yourself less vulnerable by taking certain steps right away.