Heartbleed, the Internet super bug that provided hackers with access to vulnerable information from thousands of the biggest sites on the web, did more than compromise login IDs and passwords—it jeopardized the private social insurance information of hundreds of Canadians.
The Canadian Revenue Agency took its website down as a precautionary measure and has since re-launched it, but there was a six-hour window where information remained vulnerable, allowing hackers to access and remove the Social Insurance Number (SIN) information of approximately 900 taxpayers. The CRA will be sending out registered letters advising Canadians who were affected by the breach as to next steps. The details of when these letters will be sent out has not been released, but a Tweet by commissioner Andrew Treusch said the letter will include next steps. The RCMP has made one arrest in connection with the hacking and continues to investigate.
As details outlining the effects of Heartbleed continue to roll in, the good news is there are actions Canadians can take right now to help prevent becoming the victim of future breaches. And there will be more. Just look at the security breaches that happened this past year, including Target and Apple. Big businesses have been hit, as have everyday consumers. The Internet has become the Wild Wild West, but it’s never too late to saddle up and get your head in the game.
Here’s what you can to make sure you’re protected going forward.
First, make sure you’ve dealt with Heartbleed
You’re going to want to change any passwords for websites affected by Heartbleed, but first you must ensure they have been patched otherwise you risk exposing both your old and new password to the bug. By this point, most major websites have been patched but many are still working to resolve the issue on their servers. Check individual platforms and independent lists to see if a site has provided a status update. If you’re hesitant, confirm with your provider first.
Change your passwords (regularly)
Now is a good reminder to ensure your passwords are updated and strong. Strong passwords contain a mix of lower and upper case letters, numbers, characters, and sometimes spaces. Consider stringing random, unrelated words together possibly broken up by variables. And remember, it’s never a good idea to use the same password for more than one account.
Pay close attention to password reset emails
Be aware of fraudulent emails phishing for passwords by issuing false password reset links. Many hackers have taken advantage of Heartbleed in an attempt to collect additional personal data. Trust your gut and remain skeptical. Always change passwords directly through your provider’s website.
Consider a password manager
Password managers can add an additional layer of security because many offer extra encryption. Managers assign passwords to your individual accounts consisting of random mixed letters and characters in no predictable order, accessible by one master password. While this secures individual accounts, it also keeps all passwords in one place. Think about that. Although many people swear by password managers, do your research and weigh the pros and cons before making a decision for yourself.
Use two-step authentication
Take advantage of platforms that offer two-factor authentication. The additional security feature, which typically involves sending a unique authorization code to your mobile device, helps companies confirm your identity thus better securing your information. It works the same way as taking money out of a bank machine: you need both the card and the pin to get the cash.
Pay attention to account activity
Banks were not affected by Heartbleed, but it’s still a good idea to monitor your accounts and account activity. If you see anything on there that wasn’t authorized by you contact your bank or provider immediately. Also, this extends beyond obvious financials. Platforms such as Netflix were affected, which do include payment information within your account. Pay attention to usage, monitor for any changes, and be sure to report any suspicious activity. Make this a routine thing, especially for any accounts you pay for.
Oh, and did we mention change your passwords? Change your passwords. Even if you think you weren’t affected by Heartbleed, changing your passwords only takes a second and could save you a lot of heartache.
Notice to customers: InsuranceHotline.com was not affected by Heartbleed. Your security and privacy is our first priority. All information provided to us remains secure.
