It’s finally happened. No need to be running Windows XP. No need to be running around leaving your credit card receipts on the ground outside 7-Eleven stores. No need to leave the keys in your car ignition. Now, it’s just enough for you to be a member on one of these sites – list courtesy of GitHub. The Heartbleed bug might have already bitten you!
So, what’s a smart IT person to do? You should move quickly and calmly toward seeing if your sites and activity are vulnerable. Be aware that the situation has been the same for two years and people are just catching on to it now. Then you should get your whole team in a room and explain the issue to them.
Then, once people understand the gravity of the situation you should have them start changing passwords where necessary.
In fact, according to a great piece on Business Insider – here’s how to protect yourself once you find out you’re affect. And you ARE affected. We all are. Sites like Yahoo, FitBit, Slate and Eventbrite are on the list, so get going and fix your passwords.
How can something like this happen? You tell me. Aren’t we all using double verification for sign-in? Aren’t we all changing email addresses and passwords for each site we access? Aren’t we using crypto keys that change every 20 seconds for access to company VPNs?
Um, no. I don’t think we are. And why not? Isn’t this wake-up call just one more in a long line of breaches that should wake up the entire IT industry? I would say so. And I’d say, get going. Share this blog post and then go change your passwords.
We’ll talk again next week.