The "Heartbleed" bug has sent businesses and individuals into attack mode in order to prevent passwords from being disclosed, personal information from being compromised — and ultimately, assets from being stolen.

The problem, which was disclosed last week, involves encryption software called Open SSL, which is extensively used by thousands of websites. The Heartbleed bug can cause sensitive information stored on servers to be disclosed, including passwords, usernames, personal information and credit/debit card numbers.

The Canadian Cyber Incident Response Centre (CCIRC) released an advisory for website administrators with instructions on how to patch the vulnerability. Security professionals are currently working to patch their systems.

Until the affected websites are patched, changing your password will have little effect as the vulnerability still exists.

Users who believe that they have used a website or service affected by this vulnerability should monitor the official newsfeeds of that organization. Once it is confirmed that the patch has been installed, you should immediately change your login and password credentials.

The exact nature of the bug is complex and it is not clear how long it has been a security flaw.

Many websites quickly applied patches to fix the vulnerabilities. CNet, an Internet consumer technology site, compiled a list of the 100 most popular websites and checked whether the Heartbleed bug was patched. According to the site, Google, Facebook, YouTube, Yahoo!, Reddit, Yelp, Dropbox and others have fixed the vulnerability.

However, as with any hacking threat, you should take the Heartbleed bug seriously and consider following these steps:

  1. Change your passwords. This is a good idea to do periodically, but in the wake of Heartbleed, you should do it ASAP. Use strong passwords wth letters (including capitals), numbers and symbols. Keep passwords long, 10 or 12 characters if possible.

The most important determinant of password strength is entropy. Basically, the more there is to guess about your password, the stronger it is. To keep track of your various passwords, use a password manager. If you don't want to do that, at least memorize a strong password and use it exclusively for your most important digital transactions. The last thing you want is for a hacker to steal your password from a casual site you use.

  1. If you have the option to do "two-factor authentication," take it. This security feature is just as it sounds — to access accounts, you have to type in two factors. For example, it might require a password and then a code sent to your smartphone. It's not available everywhere yet but it can add protection to help keep your data safe.
  2. Clear your Internet browser cache, history and cookies. Again, this is a good idea to do on a regular basis. Exactly how to do this depends on the browser you use but here are some instructions for a couple of popular browsers:
  • For current versions of Internet Explorer. Go to Tools (an icon with gears). Choose "Safety" and then "Delete Browsing History." There you can check "Temporary Internet files, Cookies, History," etc.
  • For current versions of Firefox. Click the Firefox button at the top of the window. Select "History," then select "Clear Recent History." This opens up a pop-up box that asks for a time range to clear. Select "Everything" and check "Browsing and Download History, Cookies and Cache." Then, click "Clear Now."
  1. Beware of e-mail messages promising instant solutions. Unfortunately, when crisis strikes, many unscrupulous people try to take advantage of others. In the coming days, you may receive e-mails that ask you to click on links to rid your computer of Heartbleed. Don't fall for it.
  2. Check your credit card and bank accounts and statements thoroughly. If you see suspicious or false charges, contact the issuer or institution immediately to limit your liability.
  3. Closely monitor your e-mail accounts, social media accounts and other online assets for irregular or suspicious activity, such as abnormal purchases or messages.
  4. Ask businesses that have your dataif they are vulnerable and what they have done to patch the bug.
  5. Check for the "s." After a website you are visiting has addressed the vulnerability, you should ensure that if it requires personal information such as login credentials or credit card information, it is secure with the HTTPS identifier in the address bar. Look out for the "s," as it means secure.

These are general Internet security tips. There is no way to guarantee that you will not be affected by Heartbleed or other attacks but you can make yourself less vulnerable by taking certain steps.

The Canada Revenue Agency (CRA) took the preventive measure of removing public access to online services to protect the vulnerability of the taxpayer information it holds. The Minister of National Revenue confirmed that interest and penalties will not be applied to individual taxpayers filing their tax returns after April 30 for a period equal to the length of the service interruption.

In the U.S., the Internal Revenue Service (IRS) took a different stance saying it continued to accept tax returns as normal. "Our systems continue operating and are not affected by this bug, and we are not aware of any security vulnerabilities related to this situation. We continue to monitor the situation and remain in contact with our software partners," the U.S. tax agency said.