By now everyone knows about the significant breach suffered by Equifax where 143 Million records were compromised. The scary part of this is the fact that a company such as Equifax (a credit reporting bureau) houses so much sensitive confidential personal information about pretty much everyone in the United States. Information such as SSN, Full names, pretty much every address, loan, credit card owned, as well as birth dates, drivers license numbers and credit scores. It’s a lot. This data could be, and at some point likely will be, used to undermine individuals credit, job status, house buying, credit cards and much more.
On top of the data breach, the way Equifax has handled this (knowing it was compromised back in July and not announcing it until September) has called into a question their ability to handle sensitive data, along with their legal and ethical obligations to the people and the data they were supposed to be protecting. The means by which they also setup the ability to determine if your records were compromised is questionable as well. The whole thing is a mess.
There are some important things for all of us to pay close attention to in order to protect ourselves, our families and our businesses as many credit cards owned by small business owners are directly tied to their individual information. Here are some things to know and do:
1. Setup some type of credit monitoring ASAP. There are a lot of great resources out there and there is no silver bullet, so to cover your bases you would want to consider 2 to 3 different places. Discover offers free credit and social security number monitoring. Credit Karma is a good resource to keep up with your credit information, as is some of the places such as LifeLock, LastPass, etc. Bottom line you need to pay close attention to your credit, not just for the next little bit but forever and always. This is a good wake-up call to how fragile our sensitive data is to breach, and how we are all at risk.
2. Change credit card, credit monitoring, password locker, webmail, banking and any other login passwords as soon as possible, like right now.
3. Pay close attention to Phishing attacks specifically focused on this breach. Our friends at KnowBe4.com has written a good article on this topic and what to be on the lookout for in potential email scams. Some highlights include these 5 things, which go with our two above:
•First sign up for credit monitoring (there are many companies providing that service including Equifax but we cannot recommend that)
•Next freeze your credit files at the three major credit bureaus Equifax, Experian and TransUnion. Remember that generally it is not possible to sign up for credit monitoring services after a freeze is in place. Advice for how to file a freeze is available here on a state-by-state basis: http://consumersunion.org/research/security-freeze/
•Check your credit reports via the free annualcreditreport.com
•Check your bank and credit card statements for any unauthorized activity
•If you believe you may have been the victim of identity theft, here is a site where you can learn more about how to protect yourself: www.idtheftcenter.org. You can also call the center’s toll-free number (888-400-5530) for advice on how to resolve identify-theft issues. All of the center’s services are free.
Some other highlights to consider that may be email scams:
•Phishing emails that claim to be from Equifax where you can check if your data was compromised.
•Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information
•Calls from scammers that claim they are from your bank or credit union
•Fraudulent charges on any credit card because your identity was stolen
As always, the best defense is two pronged:
1. Education and Awareness of you, your team and your family. Making sure everyone is aware of the issues, the risks and to be extra cautious is the best line of defense.
2. Strong security controls such as:
– Strong perimeter firewall, including IDS and IPS
– Strong controls on email spam, inbound and outbound controls including blocking files such as .exe, .vbs, .zip, etc.
– Utilizing strong and secure file sharing services rather than sending emails with attached files. Things such as ShareFile or Auto Task Workplace are great solutions.
– Strong internet content filtering on your network, and directly on your computers. This prevents users from going to known malicious sites, and can many times mitigate against users clicking on links that take them to sites that will compromise their computers or their information.
– Strong desktop anti-virus, and new “Next-Generation” antivirus and machine learning systems that are designed to monitor for malicious and odd behavior
– Strong backups and offsite backups of data in the event data is ever hacked, and encrypted with ransomware
– Audit logging and Security Monitoring Services of key systems such as firewall and Windows servers that handle authentication
If you are unsure if you have any, or all of these, please contact us to learn more about what we do, and don’t provide in your current services – assuming you are a customer of The IT Company.
As always, be safe and be aware of your security.