Sample Security Awareness Message for Heartbleed

Secure Mentem believes that security teams should take advantage of security stories that become major headlines. It not only helps your employees when they need it, it makes the security team relevant to the employee’s home and work lives, without any negative implications. Please feel free to use this message to distribute to your organization.

What is Heartbleed and What Does it Mean to You?

You may have heard that there is a new Internet vulnerability that can lead to the compromise of website accounts. The Information Security team wants to take a quick moment to let you know how you may be affected, and what actions to take.

Heartbleed is the name of an Internet vulnerability that involves how data is encrypted. While you will not be aware if a website is vulnerable or not, approximately 2/3 of all websites are affected. So, you should assume that any website was vulnerable. Given the nature of the vulnerability, an organization is not even able to tell if their website was hacked.

While all of this sounds ominous, organizations are rapidly fixing the problem. Major websites will have already fixed the problem. Smaller websites may not be as diligent in updating their system. OPTIONAL SENTENCE: If you want to verify whether or not a website is secure, you can go to the following link and enter the website that you are concerned about: http://filippo.io/Heartbleed/

While you are probably not affected, it is recommended that you change all of your website passwords as soon as possible. It is recommended that you change your passwords every 30-90 days on all of your accounts anyway. Heartbleed should serve as a reminder to do this now.

If you have questions about Heartbleed or any other security concern, please feel free to reach out to the Information Security team at any time. You can reach us at _______________________. We are here to help.