How to Treat a HeartBleed
April 10, 2014
April 10, 2014
News of the “HeartBleed Bug” wreaking havoc with 70 percent of all websites has spread like wildfire across social media. It has many consumers fearing their most sensitive personal and financial data has been vulnerable going back more than 2 years.
So you can imagine the collective sigh of relief here at the SM& offices when our web provider, The ADK Group, sent us an email assuring us that (not only did we not have any highly sensitive data on our site but that) they are “monitoring the situation with your site and our hosting provider, and are working to eliminate any security vulnerabilities.”
We appreciated ADK’s proactive approach, reaching out and letting us know that they are on top of the situation and doing everything necessary to remedy any digital vulnerabilities.
At a time when people are hyper-sensitive to the protection of data, all companies (especially those we entrust with our most personal information) would be smart to communicate and be fully transparent about what they are doing when many consumers/users are anxious and uncertain.
Mashable did a fascinating survey of HeartBleed responses among the most popular websites. One of the biggest sites impacted, Yahoo, reported this information:
“As soon as we became aware of the issue, we began working to fix it… and we are working to implement the fix across the rest of our sites right now.” Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr were patched. More patches to come, Yahoo says.
But Mashable also received what we would consider insufficient and lack-luster responses. As of this writing, for example, it’s unclear if Heathcare.gov has been vulnerable to the bug, and no one from the federal government’s health connector has even responded to a request for comment.
That's hard to believe in the era of big data/privacy concerns. Organizations that aren't proactive about the HeartBleed leak should know better, and should expect inquiries from their customers.