Heartbleed: Do your due diligence and make sure you are secure
04/10/2014 03:51 pm
The League has been doing its due diligence and has verified that all of its informational, customer facing websites are secure against the new Heartbleed Open SSL Vulnerability that was announced earlier this week. The League is also currently working to confirm the security of its service based vendors and is encouraging its member credit unions do the same.
It is important for credit unions to contact their service vendors to confirm they have done their necessary due diligence. Credit unions should make sure that their service vendors have knowledge of the vulnerability, they have looked into the situation, and that they either are not vulnerable or have already completed the patch work necessary to protect their customers.
The League is also encouraging credit unions to inform staff and membership to check their personal social networking and cloud service providers (Facebook ,Twitter, Dropbox, etc.) and reset their individual passwords if the service provider instructs them to do so. This is currently happening across many social platforms. In fact, some are even forcing passwords of users to expire so they have to be reset to enter the site. This is a security precaution, the same as issuing a new credit or debit card as a result of a card processing breach. It is not fraudulent activity on the part of their service providers.
If you are just reading about this for the first time, visit
CNET for more coverage of the virus and what major companies are doing to patch their websites.