It’s never a good thing when the day starts off with what might be bad news. I had that very sinking feeling on my morning train commute one day last week after reading a New York Times article about security experts who uncovered a significant flaw in the encryption technology used all across the Internet, referred to as the “Heartbleed” bug.
I always make it a point to check and double-check to ensure that any website I use to enter confidential information is identified by the “https” icon. And I constantly tell my college-age children to never use their credit card on any website unless they see the “https” at the start of the URL.
Now what? It turns out that what we were led to believe all along was safe and secure when conducting online transactions may not be so safe and secure after all. As a result, all of our confidential information — user IDs and passwords, Social Security numbers, credit card numbers, bank account information, and so forth — might be at a greater risk than ever before.
My immediate thought was that now I need to change my log-on credentials for all of my online accounts. Heaven knows if I can even remember them all. You can visit Mashable.com for a list of popular sites that may have been affected, or search for specific ones at Qualys® SSL Labs.
But some experts are cautioning people to wait until all the vulnerabilities have been fixed, because rushing now might give those aware of the system weaknesses an even greater opportunity to capture your new log-on information.
Are you confused? What’s a person to do?
Another thought crossed my mind. With the prevalence of phishing in the online world, when we start receiving notifications from our service providers that they are aware of the bug — perhaps having fixed it — how do we know if it’s really from them?
My grandfather never used credit cards or bank cards — or even a computer or the Internet for that matter. He always told me, and firmly believed, that “cash is king.” I’m starting to see and appreciate the value of his wisdom.
Please feel free to e-mail me at sdougherty@iso.com with any questions you may have regarding cyber risk and cyber-liability insurance. You can also follow me on Twitter @doughertyshawn.
Stay tuned for the next blog post in our Cyber Monday Series.