September 18, 2017
Here we go again, another major breach of private data, this time possibly impacting 40% of the people in the US. Someone, or perhaps several someones, may now have my name, Social Security number, birth date, address, credit card numbers and possibly my driver’s license number, and yours too. What to do now? The first thing you should do is log onto the Equifax site to see if you may have been impacted. Go to https://www.equifaxsecurity2017.com/potential-impact/ and type in your last name and the last 6 digits of your Social Security number.
What next? Do you sign up for a LifeLock-type program? If you aren’t already on one, you really should be. Or do you just throw up your hands and assume there’s nothing you can do about it? I refer to this as breach fatigue. It’s a malady that we cannot afford in business.
Rather, this latest breach should renew our commitment to ensure that we are taking logical, appropriate measures to protect the data of our clients and employees. If you are using the same procedure for managing your IT systems that you used three years ago, then you should already know that you are playing with fire. The only way to protect your network is to be certain you have implemented a layered security system. You need to be confident that all of your systems, not just servers but every endpoint, including PCs, tablets, laptops and smartphones, are proactively managed and monitored. Security patches and updates must be applied soon after their release.
Your staff must be educated through quarterly training on how to spot and thwart phishing attacks. Hacking is accomplished not just through technical means, as in the Equifax breach, but also through social engineering techniques, as was the case with Anthem. An employee clicked on a phishing email and caused 78 million medical records to fall into the wrong hands. Protecting your data isn’t cheap, but the alternative can be even more costly, affecting your business and your reputation. If you have been putting off your personal or business information security, this should be your data protection wake-up call.