From Collector: Taking a Layered Approach
What the Equifax breach can teach you about shoring up your company’s data security.
12/5/2017 6:46:00 PM
The massive data security breach Equifax suffered early last summer compromised the personal information of 145.5 million consumers—60 percent of the adult U.S. population. The negative effects of this event will likely last for decades, and since announcing the breach in September, the backlash against Equifax has piled up: its CEO stepped down and was called to testify before Congress, dozens of lawsuits have been filed against the company and it’s being investigated by multiple state attorneys general as well as the federal government, Collector magazine editor Anne Rosso May reports in the December issue.
Equifax had a responsibility to protect consumers’ personally identifying information, and it failed. But a consumer reporting agency is a big target and that’s likely why hackers pounced…right?
Unfortunately, no. A five-seat collection agency in Smalltown, U.S.A., is just as vulnerable as a giant financial services firm—maybe even more so because small businesses often don’t believe they are even on hackers’ radars.
It’s time to double-down on your data security. Here are five lessons you can learn from the Equifax breach and tips to help you boost your own security efforts.
Assign Someone to Keep Up With (and Implement!) Patches
First, draft a policy that dictates who will keep track of the software products you use, and make sure that person is alerted to any related patches or security announcements.
Put Some Thought Into Your Passwords
Use a unique password for each piece of software in the company and make it as strong as possible: use numbers, capital letters and special characters.
Implement Layered Security Controls
The idea is to put several different obstacles in front of potential hackers, including firewalls, anti-virus software, multifactor authentication and intrusion detection, and follow it up with regular monitoring.
Perform Regular Audits and Vulnerability Scans
You’ll need to conduct regular vulnerability scans and penetration tests even if you think nothing in your business has changed recently.
Vulnerability scans assess your systems for weaknesses or malware and are relatively easy and cheap to do, either in-house or through a third party.
Penetration tests, on the other hand, are almost always conducted by an independent third-party—an “ethical hacker”—who tries to break into your system and access your data.
Create a Breach Response Plan
Think carefully about how you would notify consumers—and clients—of a breach. Your plan needs to be tailored to your operations, clients and consumer base.
And remember, data security efforts are never done—you have to continuously keep moving forward, dodging the risks as best you can.
Subscriptions to the Collector magazine digital edition and email notifications for each new issue are available for ACA International members by logging in here. Members and nonmembers can also purchase a print subscription. Nonmembers can create a guest profile on ACA’s website to subscribe to available publications.
Follow ACA International on Twitter @ACAIntl and @acacollector, Facebook and request to join our LinkedIn group for news and event updates. ACA International members are welcome to submit news items for possible publication to email@example.com. Visit our publications page for news submission guidelines and subscriptions to ACA Daily, Collector magazine and Pulse. Advertising is available for companies wishing to promote their products or services. Be sure to visit the ACA Events Calendar on the Education and Training website to view our listing of upcoming CORE Curriculum and Hot Topic seminars featuring critical educational opportunities for your company.