Heartbleed Won’t Be the Last! Tips for Staying Safe Online

May 2014

In recent weeks, the Heartbleed security bug has headlined hundreds of news stories. Not only were user names, passwords, and other personal information potentially exposed, but there was little consumers could do because the vulnerability was in the security software that many website servers used. Needless to say, once the bug was identified, the majority of endangered websites rushed to patch the problem. Two weeks after the public announcement, only an estimated 2% of vulnerable websites had not fixed the problem. Now that most exposed websites are patched, consumers can and should change their passwords.

The alarm bells sounded by the Heartbleed bug may be dying down now, but they can teach everyone who goes online an important lesson: Providing online security for your digital devices—computers, tablets, smartphones—is not a one-and-done task; instead, it is an ongoing process. Now is the time to review these important tips to ensure that you are keeping all your Internet-enabled devices as secure as possible to protect your personal and financial information.

First, What Is the Current Status of the Heartbleed Bug?

The Heartbleed bug is a flaw in specific versions of the security encryption software, OpenSSL, used by the web servers for many websites. This flaw could theoretically give hackers access to personal information such as usernames, passwords, credit card numbers and the like, but the hacks, if any, left no "footprints" that could be traced. The bug was inadvertently introduced into the OpenSSL code about two years ago and was discovered only recently. While most big financial institutions, including banks and credit unions, were never vulnerable, other popular websites discovered they were. The vast majority quickly patched the problem. Some websites alerted member users to the fix and others posted the status on their home pages. Others remain silent.

What Can You Do To Stay Safe Online

  • Install security software on your computer and mobile devices
  • Secure your home wireless network
  • Use strong passwords and change them regularly
  • Log on and log off every time you use a site
  • Avoid phishing scams
  • Don't use public Wi-Fi for private business

So what can you do? Experts recommend that you now change the password on all your web accounts. It’s also a good opportunity to make your passwords more secure. Our Gen Y with Will article shows you a good way to create longer, more secure, but easy-to-remember passwords for every website.

Now, What Can You Do Going Forward to Stay Safe Online?

Here are some action steps you can take now. But remember you have to make these actions an ongoing habit and you have to keep any software involved updated.

Install Security Software on Your Computer and Mobile Devices

Security software should include a firewall, antivirus, and antispyware/adware functions. Some also offer antispam and antiphishing functions. Keep these programs updated; you can typically schedule automatic updates. Enable regular scans.

Make Sure Your Home Wireless Network is Secured

I am amazed at how many people use security software on their wireless devices but then don’t secure the wireless network. Doing so is not hard. You’ll find the steps in the instructions that came with your wireless router.

Use Strong Passwords and Change Them Regularly

A strong password is not a fact easily associated with you (such as birthdate, birthplace, parental names, pet names, former schools, and the like), a word found in any dictionary, or a logical string of letters or numbers. Instead, it should be more than 8 characters long, contain numbers, letters and symbols, and include both uppercase and lowercase letters. Each website should have a different password. Experts recommend changing your passwords regularly. As mentioned earlier, this article shows you how.

If you need to keep a list of passwords, keep them securely at home. Don’t store them on the device (or put them on sticky notes) or in your desk at work or in your wallet.

Log On and Log Off Each Time You Use a Site—Don’t Stay Connected

We emphasize this rule for websites on which you conduct financial transactions, such as your financial institutes, credit card accounts, utilities accounts, retail accounts, entertainment streaming accounts and the like. When you establish an account or log on and the site asks "remember me on this site," always choose "No." Staying logged on to social media sites may also make your information vulnerable, but more important, most social media sites track your activities online. We recommend that you log on and off of social media rather than leave it up.

Avoid Email Phishing Scams

You know the drill on these: Don’t open email from someone you don’t know. Don’t click on links in unsolicited emails. If the email and link appear to come from an entity you do business with, contact the person or company using contact information you got independently. Don’t download unknown or suspicious attachments.

Don’t Conduct Private Business on Public WIFI

Checking your savings account balance or paying your bills using the free WIFI at your favorite coffee shop or sandwich bar is asking for trouble. Even using a Virtual Private Network may not be safe in all cases. The safest policy is to perform these tasks only on hardwired devices or secured private networks. Our Wireless Banking: Are You Safe? video has more tips.

Keep Your Business Computer and Mobile Devices Strictly Business

Because you don’t control the environment for business devices (or even access to all of them), don’t store your personal and financial information on a business device and don’t conduct personal business on them.

Use One Credit Card for Internet Purchases

One of the great conveniences of the Internet is that you can purchase all kinds of goods and services with the click of a mouse or the wave of a smartphone. The safest way to pay for these purchases is still by credit card, not debit card. Also, experts recommend that if you have more than one credit card, you identify one to use for online purchases. On retail sites that must store a card, use that one card. If you aren’t required to store a card, entering the card number for each buying occasion may be safer.

Paying Attention Can Protect You

It’s not hard to follow these steps. As you can see, some take a little effort when you set up your devices and others just take a little more effort to conduct personal business in safe environments. The plus can be much greater security and privacy for you.

For More Information

GetReal Report: Enhancing Your Computer and Online Privacy

Gen Y with Will: How to Build Decent Passwords

Remar’s Report: Banking by Smartphone or Tablet? Make Sure You Do It Safely

GetReal Fraud and Privacy

Consumer Reports Guide to Internet Security

