I was going to talk about Word of Mouth Marketing this week, but in the wreck of this week’s Heartbleed attack, I feel that there are more pressing matters to discuss.
I knew that Heartbleed was important, as all of my news sources had been informing, warning and downright trying to scare me into reading/watching everything about it. So it was a big deal, but the general consensus ended up being ‘we’re working on it’ and ‘be mindful, not hasty’, so I was waiting and watching. That is, until yesterday.
Yesterday was a no good, very bad day that culminated in my VISA being declined at IKEA. For anyone who has ever been to IKEA (especially after a move) you know that by the time you make it to the check out line you have made an event of it. You have spent time and effort going through the show floor, pulling giant boxes out of the warehouse and are preparing to spend hundreds of dollars to leave the building. So once I get to the check out (for the second time because, reasons) I find out that my card had been cancelled a couple hours earlier as a security precaution. A couple of hours that I was distinctly not using my VISA in. My card had been compromised. I had been hit by Heartbleed.
And I wasn’t the only one.
Many big name companies like Google, DropBox, Yahoo, GoDaddy and Canada Revenue Agency are only a few of the many companies who have been hit. Here’s an incomplete list of companies who have and have not been affected by Heartbleed and their reactions to it.
So what is Heartbleed?
This article explains it best but in general it is a security flaw that allows what should be encrypted information to be read by hackers/third parties. This information includes names, passwords, credit card numbers among other personal information.
Ok, that’s not good. Am I compromised?
Short answer: Maybe. It’s complicated.
Long Answer: Probably. It depends what information you have shared online, what information your browsers have saved, and if you do a lot of online banking. So let’s go with “yes”.
So what do I do?
Don’t rush out to change all of your passwords yet, as until they fix this problem, you are just giving out more and more personal information. Wait and watch your credit cards. Those that have been hit are working on it, those that haven’t should be fine. But when was the last time you updated your password anyways? When this blows over, it’s a good time to change all of your passwords. All of them. Here are some reminders about what makes a good password.
From a communications standpoint, there are three main reactions and messages that companies are promoting.
1) Assure people that their account has not been compromised.
2) Assure people that while their account has been compromised, everything is being done to combat the threat.
3) Change all of your passwords. But maybe not until we fix the problem.
Those are generally not what people want to hear, and I’m not sure if it’s really working at keeping people calm. But companies really have no other choice until the problem has been fixed. And this isn’t a fix-it-in-an-afternoon sort of problem. So in the interim it’s all about mitigating the damage to brands and reputations. While it is terrible that so many people and companies have been affected by Heartbleed, it is a decent problem from a communications stand point since no one company or person is to blame. No one company has to take the heat of public outrage. Instead of pointing fingers, all there is to do is try and fix the problem.
Heartbleed is affecting more people, companies and systems than you think so CHECK everything! Scotiabank’s systems for example were down yesterday, today and will quite possibly be down tomorrow as well. Joy.
What do you think of Heartbleed? Has it broken the internet? How have you been affected? Let me know in the comments below. Want more communications content sent straight to your inbox every week? Subscribe. Or contact me for a free consultation.