Author: Victor Shadare
Renowned security expert Bruce Schneier described Heartbleed as “catastrophic”, explaining that “on the scale of 1 to 10, this is an 11”. This is no overstatement. The malicious bug affects thousands of websites that hold extremely sensitive information, including digital financial services platforms. So what can financial services providers do to help their customers safeguard their finances, not just in the midst of a major security breach but the rest of the time as well? Victor Shadare, information security officer at Intelligent Environments, shares his insight.
Firstly, as with any security attack, communication is vital. While customers will be tempted to immediately change their passwords, financial services providers should ensure they don’t do so before the vulnerability has been resolved. Providers can help their customers by providing clear and regular updates until the green light can be given for changing passwords.
Moreover, while the Heartbleed bug has shone a spotlight on password security, digital financial services users need to remember that password vigilance should be maintained year-round, not just in the event of security breaches.
Last year, we found a quarter (25%) of digital financial services customers used the same password for a range of sites, while the same number admitted to writing down their mobile and online financial services passwords as they have too many to remember. One of the most worrying facts is that ‘password’ remains one of the most commonly used passwords. The most effective way to protect login details is for customers to regularly update them. Financial services providers can help customers by reminding them to do so every three months.
The good news, however, is that as technology becomes increasingly sophisticated and innovations like biometric authentication become more widespread, the days of the traditional password are numbered. Until then, however, financial services providers can direct their customers to useful password management tools such as Norton Identity Safe and McAfee’s LiveSafe.