On April 7, 2014 security researchers reported a security vulnerability that affects a large number of websites, servers, and applications. This vulnerability was nicknamed Heartbleed, and it has been in existence since December 31, 2011.
Here are a few questions we’ve received from clients with our answers:
Q. What exactly is the Heartbleed bug?
A. Heartbleed is essentially an information leak caused by a coding flaw in the Open SSL security feature used by many websites for authentication purposes and to encrypt sensitive information such as passwords. This vulnerability allows an attacker to decrypt information that was encrypted. It allows the attacker to impersonate bank services or users, steal login credentials, access sensitive email, and gain access to internal networks. These attacks can be perpetrated easily due to the public availability of exploitation tools.
Q. Are the Champlain National Bank services I use affected by this security issue?
A. We are pleased to tell you that NetTeller® Internet Banking, Bill Pay, InTouch Telephone Banking, and Remote Deposit Capture are NOT vulnerable to the Heartbleed bug.
Q. Are there steps I can take to protect myself and my information when I am on other Internet sites?
A. Currently there is no software program or service that can be purchased that can guarantee the safety of your personal information. You are your own best defense. Exercise good judgment, scrutinize the sites you visit and consider the following:
Here are a few suggestions:
- Change your password on all websites. This includes email, social media sites, online banking websites, online shopping sites and any other sites where a password is required.
- Check the websites you visit for a statement regarding the Heartbleed bug, indicating that the site is not vulnerable or that the site has been patched to correct the vulnerability
- Turn on account alerts for all of the financial websites you use such as credit card sites and online banking sites
- Ignore and delete emails from unknown sources
- Make sure you are using a robust fraud security/antivirus program
Please know that we take security very seriously. We are committed to employing preventative, detective and mitigation controls to protect the information you entrust to us. If you have further questions, please do not hesitate to contact us.