First, we want to let you, our customers, know that BrandProtect’s servers are not at risk from the “Heartbleed” threat. We run on the Windows Server platform, which is unaffected.
It is already being called “one of the biggest security threats the Internet has ever seen”, and that might not be an exaggeration: almost 66% of the internet might be affected¹ by it. Given the massive amount of media attention and online mentions of Heartbleed, criminals have the perfect opportunity to scam unsuspecting victims. We have seen this happen time and time again after any major natural disaster, major security threat, or the death of a celebrity or major historical figure; just think back to the Target hack aftermath.
Criminals know people are hungry for more information and are more likely to click on a link without giving it much thought, especially if the link seems to come from an otherwise trusted organization, a.k.a. your company. Adriana Munoz-Tayraco, Social Media Manager here at BrandProtect, reveals that “Criminals will take advantage of current events with phishing and malware email, and socially engineered attacks as confusion and misinformation are usually highly present in the immediate aftermath.”
With this in mind, here are some things your company can do to minimize the potential impact on your reputation:
1. Upgrade your systems as soon as possible if they are vulnerable to the recently uncovered "Heartbleed" bug. This is of special importance to financial institutions, as U.S. regulators have warned. Information on how to check for this vulnerability and what you can do to patch it can be found on the recently created heartbleed.com.
2. Consider telling customers and administrators to change their passwords. Keep in mind that phishing attacks typically use the same tactic to get users to hand over access to their accounts, claiming they can “protect or remove the bug”. Remind your customers to respond only to legitimate emails from you and never to provide any personal information via email or over the phone. Provide a direct phone line or email account where users can report any phishing activity.
3. Keep your employees informed on the steps you are taking to protect private information so that they can relate these to clients and other personnel. When communicating with your clients about possible security threats, coordinate with all levels of the organization so that the messaging being distributed is consistent with your official response both offline and online.
4. Pay closer attention to your social media monitoring tool, via your social media studies, to watch for mentions of your brand or of your customers’ information being sold or displayed, and mitigate when needed.
5. Remember that your social media platforms could have been compromised too. Make sure you are checking the associated email accounts for emails from these sites recommending a password change. A list of vulnerable sites can be found here, but remember that unless they have already patched their servers, a password change will not help.
As more information becomes available and more people react to the Heartbleed bug news, we could see a growing number of phishing scams, brand impersonations and negative social media talk online. As with any internet threat emergency plan, being proactive and preparing for the aftermath is just as important as setting up those first barricades.
Is your company concerned about the Heartbleed bug? Are you prepared to deal with the potential risks?
image source: heartbleed.com