Equifax Breach? What Can We Learn?

Following the hack of Equifax, many companies will try to ensure that they are “unhackable”. This seems like a no-brainer… “why didn’t I think of this before?”

The problem with this thought process is that there is no hack-proof system. There is no catch-all for cybersecurity. If an IT security company tells you otherwise, they are lying.

So, what is a company to do? What can we learn from these hacks?

Patching Issues

The 2017 Equifax data breach, which happened between May and July, appears to have been caused by a patching issue. The private records of over 147.9 million Americans, 15.2 million British citizens, and almost 19,000 Canadian citizens were compromised, making this one of the largest identity theft-related cybercrimes in history.

Unfortunately, many companies fall into this trap. Software patching often slips under the radar. You know the patching needs to be done, but it is inconvenient, and no one wants to take the time.

There are many products that can help streamline patching, not just for Windows but for other applications as well. They allow patches to be scheduled and run at optimal times, and they report on which systems have and have not been patched.

Take a moment to review your patching strategy and see if there are any holes that need to be filled.

Passwords & Authentication

Passwords are probably both the greatest and the worst creation in IT security.

You should have a process in place to review your company’s password requirements for employees and vendors. You will be amazed at just how much something can change in a year. You don’t want holes to open in your security that could have easily been resolved with a quick review or process.

Additionally, you will want to implement multi-factor authentication. In most cases, this can be set up in conjunction with smartphones and will allow for a better end-user experience than passwords alone.

End-user Training

I cannot stress enough how important end-user training is to a company’s security.

Any number of systems and controls can be put in place to protect your network and data. It only takes one uninformed end-user to undo all of your systems.

End-user training may be one of the most cost-effective methods of securing data on a network. Solutions from SANS and KnowBe4 are available to most businesses and provide easy and economical training for your staff.

In Conclusion

While there is no perfect solution to stop data breaches and hacks, there are steps you can take to make it more difficult to break into your network.

Think of it like a home security system. Some intruders will be better at accessing your house than others. No alarm system is foolproof, but the right system will deter most home invaders.

The cost to Equifax for this breach is going to be significant. The hit to their reputation, however, will be far greater and that is the real impact to their business.
