Who’s Afraid of the Heartbleed Bug?

If you're not, pay attention.

Many companies have responded to the recent Heartbleed Bug crisis by sending email notices that either inform you their website was not affected by the issue, or request that you change your password because they have fixed the vulnerability in their website.

But what is Heartbleed, and how are vendors addressing it in the insurance industry? Most important, how should independent agents respond? Here’s a quick list of what you need to know in order to protect yourself and your business.


What is Heartbleed?

  • It is not a typical virus. It is a vulnerability in OpenSSL, a widely used implementation of SSL (Secure Sockets Layer). Most financial institutions don’t use OpenSSL, but sites like Gmail, Yahoo and Facebook do.
  • It affects some websites that display addresses beginning with “https:”—but not all.
  • It allows hackers and thieves to more easily steal logins and passwords.

How is the insurance industry responding?

  • Insurance industry vendors are working to determine if they are affected, and if so, apply fixes. This includes any technology provider who hosts their software from a secured website.
  • Vendors might send emails confirming this. If you haven’t received an email, check with your vendor before taking further action.

What can you do?

  • Check whether websites or services you use are safe by reviewing continually updated lists like the GitHub Heartbleed Masstest.
  • Test the sites you frequent using a Heartbleed testing service, such as McAfee’s free Heartbleed Checker Tool or Filippo Valsorda's Heartbleed Tool.
  • Take steps to reset your passwords, but only once the provider has patched the vulnerability.
  • Keep a close eye on your online transactions, including your credit cards, bank account and other financial statements.

What’s next?

Heartbleed is a clear reminder to maintain a strong ongoing ID/Password policy. Here’s how:

  • Change your passwords on a regular basis.
  • Do not use the same password on multiple sites.
  • Use strong passwords, containing all of the following:
    • Eight characters or more
    • Both numbers and letters (upper- and lower-case)
    • Special characters if allowed (!, $, @, etc.)
  • Continue to be vigilant regarding news on Heartbleed and other security threats. Being proactive to protect the security of your personal information—and that of your clients—should be an important part of your organization’s information risk management program.

What steps are you taking to be vigilant in protecting your information?

Ron Berg is executive director of the Big “I” Agents Council for Technology.

Some information for this article was obtained from an article by Steve Anderson on his ‘Tech Tips’ website.