On April 7, 2014, security researchers disclosed a potential exploit based on a flaw contained in several versions of OpenSSL, a security encryption technology called SSL (Secure Sockets Layer) or TLS (Transport Layer Security). In response to this flaw, Greer State Bank has taken the necessary steps to verify the security of the transmission of information between our customers and the bank as well as between our customers and any third party vendor that services our customers on our behalf.
Security of our customer’s personal information is of primary concern to Greer State Bank and the bank has verified that vendors used by Greer State Bank haven’t been affected by this flaw or are in the process of working to secure and correct the problem.
The information below is intended to detail this security flaw and how Greer State Bank is protecting you.
What is the issue?
The Heartbleed flaw is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows the stealing of protected information, under normal conditions, by the SSL/TLS encryption used to secure the internet. SSL/TLS provides communication security and privacy over the internet for applications such as web, email, instant messaging and some virtual private networks (VPNs).
The flaw allows anyone on the internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This also allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate them.
Is there a fix?
As long as the vulnerable version of OpenSSL is in use it can be abused. FixedOpenSSL has been released and operating system vendors, appliance vendors, and independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.
What has Greer State Bank done to address the problem?
Greer State Bank systems aren’t directly open to the problem due to the fact that our exchange of information between customers and the bank don’t utilize OpenSSL. However, we have recognized the potential existence with vendors who exchange information with our customers on behalf of Greer State Bank. As a result, we have contacted each vendor who may have access to customer data and have asked them to confirm whether or not they are affected and if so, for an official written response about how they are addressing the security flaw. All vendors have responded favorably and are either not affected, have addressed the flaw, or are in the process of doing so.
What should you do?
Greer State Bank recommends that customers change their passwords on a regular basis to safeguard access to accounts that contain personal information. This is an industry standard “best practice” regardless of whether the user name and password is associated with a bank product or service. Periodically changing your login information adds an additional layer of protection to your login process. Greer State Bank also encourages customers to utilize secured internet connections and to regularly update virus protection software on personal devices used to access the internet.
For more information….
For additional questions, please feel free to securely e-mail us using our website’s Secure Contact Form at www.GreerStateBank.com. We also suggest that if you wish to learn more about the Heartbleed issue, that you visit www.heartbleed.com.