The largest consumer breach of all time – until now comes to us courtesy of Equifax. Americans think criminal hacking is the greatest technology risk to their health, safety and prosperity and they are right. What makes this breach so bad is this hack of the personally identifiable information (PII) of 143 million people will result in breaches related to this information for years – potentially decades to come.
In real-world terms, your bank and most other organizations you do business with use certain information to ensure you are you when you call or interact with them online. This information for over one-hundred-million of us is now out in the open.
If this news isn’t bad enough, there are countless Equifax phishing scams to look out for now as well.
We could go on and list how this has been the worst year ever for cyberbreaches but you likely know that by now.
Perhaps this is a harsh statement – but the pain and anguish which will be inflicted upon the masses will be never-ending.
It is tough to come up with a punishment which fits the magnitude of this crime.
Sometime back we wrote that luddite CEOs will be fired. Our focus was more on how today’s companies need to gear up with a slew of Silicon Valley-like competitors but its worth pointing out cyberhackers can be just as great a threat to your organization.
No company is perfect – no security is impenetrable but Equifax made it too easy for the hackers.
How can you prevent similar attacks? There are a few ways to reduce the chance this situation can happen to your organization:
- Have an expert IT consulting firm or someone who knows what they are doing check your servers and systems to ensure they are secure. This needs to be done frequently.
- Have auditing and documentation done of your systems by someone other than your internal or current IT team. The worst thing you can do if your business is important to you, is to say the following: (A) I pay my IT team a lot so they know what they are doing. (A) My IT team works for a Wall Street (or other prestigious institution) firm so they know what they are doing. A second opinion is always good to get – to be sure you are cybersecure.
- Understand the vendors you work with can be the weak link in your cybersecurity culture. You need to ask questions of potential partners. Find out who they use to secure their systems – is it an inside person? An MSP? Are they using anomaly detection to check continuously for breaches? How often have they been hit with ransomware? Do they have a solid strategy for disaster recovery in place? Ask your vendors for the answers to the above questions. If they stare at you with blank faces, tell them to come back when they know what you mean and can prove they have buttoned up their business.
- Cybersecurity training is crucial to every company these days as employees are the weakest link in your organization.
If you run a Fortune-class company, get the opinion of outside firms, don’t rely on your internal team alone. Do this often. Budget for it. Protect your customer’s PII.
The days of relying on an information technology department or just the CIO or CSO are over. Cybersecurity is more of a business issue than IT, its just many companies haven’t realized it yet.
One last thought. If Equifax isn’t the straw that breaks the camel’s back it is pretty damn close because sooner or later the government is going to institute harsh penalties for executives who don’t secure their technology adequately. Corporate execs would do well to stay way ahead of these trends.