On July 29, 2017 the widely used credit reporting agency Equifax suffered a massive data security breach. Nearly 143 million Americans may be affected as a result of the breach, and vulnerable to identity theft. The breach exposed highly sensitive information including social security numbers, phone numbers, birthdays, addresses, and credit card numbers among other information.
While this breach does not affect SymQuest clients directly, we believe it is our duty to inform you when a widespread data security event occurs.
What should consumers do?
Every consumer needs to be vigilant about their credit report for the next few years. Even if they do not believe anything fraudulent has occurred over the next 12 months, it is still possible for identity theft to occur in future years due to a past data breach. The best way to stay vigilant is for consumers to actively monitor their credit. This can be done by obtaining free credit reports through websites like http://www.CreditKarma.com or http://www.annualcreditreport.com/ and monitoring the activity in these reports.
Another way consumers can thwart identity theft is to "freeze" their credit. This prevents anyone, including the true account holder, from using credit in their name without direct verification using a special separate pin code. Consumers can contact the three major credit bureaus (TransUnion, Equifax, and Experian) directly to freeze their credit. Visit http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/ for more information on freezing credit.
Consumers should also enable two-factor authentication (2FA) on their banking, shopping, and email accounts. 2FA requires an additional step before anyone can login to an account. The second step may be a text to the account holders phone which includes a one time code that must be input online before the user can login. 2FA is offered by most email vendors and financial institutions.
Additional tips for consumers include: monitoring bank accounts, medical bills, and any financial notifications. Consumers should also be cautious when answering calls from unknown numbers. Most institutions will not opt to call account holders directly and will almost never ask for personal information over the phone on a direct phone call.
What if you own a business?
Equifax may be held liable for the breach, especially if there are negative financial ramifications for consumers. As a business owner it will be vital for you to understand how to protect your business data, financial information, and even employee information.
Here are five steps you can take to protect your business from similar breaches:
- Know the law. Statutes like the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and the Federal Trade Commission Act may require you to show your business is securing sensitive information in a reasonable manner. Additionally, it's very important to understand the state laws regarding IT security. Your state laws may be more strict than the federal regulations.
- Train your employees. Every employee in your organization is a potential open door for hackers. By training your employees on IT security best practices you are setting up an additional line of defense against hackers. Most breaches occur due to employee negligence. Whether they click on a phishing scam or fall for social engineering, education is key to preventing these threats.
- Secure and backup your data. Set permissions for who can access specific information, and setup a backup strategy for your data in the event of a ransomware breach that would prevent your company from accessing company documents and applications. You may want to consider having an experienced MSP run a security assessment on your business to determine where any potential security gaps may linger.
- Have a plan. Just as you create an emergency plan in the event of a fire, you should have an emergency plan for handling a breach. Understand the period of time you have before you need to notify the police and local press outlets. Get aligned with who your stakeholders are and who should be notified as soon as a breach occurs. You may also consider setting up a formal crisis communication plan which includes helpful timelines, and how you will notify your customers.
- Regularly scan your network for vulnerabilities, and apply any application patches as they are made available. While this may sound like a tedious task, there are some great tools available to assist your IT team with scanning your network for potential vulnerabilities. Contact an experienced MSP to learn how to set up this type of scanning for your organization.
Data security breaches may sound complex; however, preventing them could be as simple as educating an employee or creating a secure password. If you have questions about how to protect your business contact SymQuest today at 1-800-374-9900 or follow the link below to request a comprehensive network assessment for your business.