Heartbleed: 4 Steps You Need to Follow Now

By now, internet users and organizations have heard of Heartbleed. What is unclear, as sites of all sizes and across all industries scurry to fix the immediate damage and assess longer-term consequences, is whether all internet users and websites are checking to see if the sites they use have been affected and if their personal, financial, and medical data is at risk.

Online applications and services are now widely used for everything from everyday tasks like paying bills and communicating with business colleagues, friends, and family to activities like filing taxes and booking vacations, and any of these could have been affected.

Alvaro Hoyos, Director of Risk and Compliance for OneLogin, has put together a list of four suggested steps to do now.

1. Check “The Heartbleed Hit List: The Passwords You Need to Change Right Now” maintained by Mashable. If a site you use is not there, go to the individual sites and check their latest news releases or blog posts for information on how Heartbleed affected them. This vulnerability has received extensive press coverage and most vendors have made statements on where they stand on the issue by now.

2. Check that any affected site you use has fixed the problem with updates. This also includes issuing new certificates, the digital forms that websites use to identify themselves and that are a key part of establishing secure communication. To check that a website is no longer vulnerable, simply enter its address in the Heartbleed Test tool. To check that they have issued new certificates, click on the browser lock icon when you navigate to the website and verify whether they issued a certificate sometime this week.

3. Change your password, but NOT until services have been updated. When you do this, don’t re-use any old passwords, and don’t use easy-to-guess words or personal data. You should use different details for each service or website, or use an Identity and Access Management service like OneLogin to help centralize your account access.

4. Focus on what data is stored or transacted through each affected website that you use, including whether it holds sensitive data like payment information or medical records. Sites with such data are the most important to look at first, while others can be updated in due course.
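The certificate check in step 2 can also be scripted for a list of sites instead of clicking each lock icon. The following is an added example, not part of the original article; the function names, the sample hosts, and the 7 April 2014 cutoff (the public disclosure date, which the article does not state) are assumptions supplied here.

```python
import socket
import ssl
from datetime import datetime, timezone

# Public disclosure date of Heartbleed; not stated on the page, supplied here.
DISCLOSURE = datetime(2014, 4, 7, tzinfo=timezone.utc)


def not_before(cert):
    """Return notBefore as an aware UTC datetime.

    `cert` is the dict returned by SSLSocket.getpeercert().
    """
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def reissued_since(cert, cutoff=DISCLOSURE):
    """True if the certificate was issued on or after `cutoff`."""
    return not_before(cert) >= cutoff


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch and validate the live certificate for `host` (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def triage(certs, cutoff=DISCLOSURE):
    """Map host -> 'reissued' or 'stale' for a {host: cert_dict} mapping."""
    return {host: ("reissued" if reissued_since(cert, cutoff) else "stale")
            for host, cert in certs.items()}


# Constructed sample data in getpeercert() format; not real certificates.
SAMPLE = {
    "shop.example": {"notBefore": "Apr 10 00:00:00 2014 GMT"},
    "bank.example": {"notBefore": "Jan 15 12:30:00 2013 GMT"},
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
    # Live check: print(reissued_since(fetch_cert("example.com")))
```

A recent notBefore date is set by the issuing certificate authority and is only a hint; it does not by itself show that the site replaced its private key.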

Hoyos, in addition to being director of Risk and Compliance for OneLogin, has over 8 years of compliance experience working for PwC and Grant Thornton, two of the largest global public accounting firms.
