Hackers successfully acquired access to 143 million individuals' Social Security numbers, driver's license numbers, and credit card numbers. Equifax's breach affects nearly half of the U.S. population.
The details of the breach will take months to unfold. However, there is a high likelihood that the breach was the result of negligence of a third-party service provider and/or employee.
Hackers are increasingly targeting service providers of large companies at an alarming rate. It only takes one click to bring the services of a company and its strategic partners to a halt.
During a breach, a company's efforts will immediately shift from growing the business to saving it.
Most believe that having the best firewalls in place will mitigate this risk, but in reality their most vulnerable firewall is the human firewall. Security training and awareness must be continuous to keep up with ever-evolving threats, especially since hackers are always one day ahead of the firewalls that protect you.
WHAT INDIVIDUALS CAN DO:
- See if you've been affected: Equifax created a website consumers can check to see if their data was breached, www.equifaxsecurity2017.com. The company said it would offer a free year of service from its subsidiary, TrustedID, which monitors credit reports from Equifax as well as Experian and TransUnion, along with offering identity theft insurance and internet scanning for Social Security numbers. Equifax will also send direct mail notices to consumers whose credit card numbers or personal information were impacted.
- Freeze your accounts: Freeze your credit report accounts at all three credit bureaus. This restricts access to your credit report, which helps prevent other credit card companies from accessing it to open up new accounts.
- Protect your bank accounts with two-factor authentication: Alert your bank and companies overseeing any other financial accounts that your personal information has been compromised, and strengthen passwords with two-factor authentication (password and confirmation via phone number).
Data breaches may also lead to phishing scams: Companies should never ask for a full Social Security number or driver's license; they should instead confirm your card number, zip code and one or two security questions.
WHAT COMPANIES CAN DO:
- Improve your Human Firewall: Security Training and Awareness programs should be continuously updated to include ever-evolving phishing threats. Users with access to critical data and systems should know to exercise caution when opening email and clicking on links, even if they appear to come from legitimate sources.
- Keep your systems secure: Systems should be patched with the latest security updates. Once the technical details of the breach emerge, find out if your systems can be exploited with the same methods and harden them.
- Contact UHY: If your business has not conducted Security Training and Awareness exercises or is unable to verify the patch level of your systems, please contact the Cybersecurity professionals at UHY Advisors to arrange for a brief overview of how we can help.