CybersecurityRisk Management

Lessons in Risk Management from the Equifax Cybersecurity Breach

By October 13, 2017 No Comments

How the breach affects individuals

Because this incident is so widespread—and consumers can’t find out definitively if their information was hacked—individuals should take measures to protect their identity. Here are some steps you can take:

  1. Keep an eye on your credit report. Each person is entitled to one free credit report each year. Monitor this closely to check for any unauthorized accounts or changes. You can also sign up for free credit monitoring from Equifax.
  2. Set up temporary fraud alerts. These alerts can be activated through any of the three major credit reporting bureaus. They require a user to provide additional verification before issuing credit. The alerts are free but only last for 90 days, so it’s important to set them up again after they expire.
  3. Initiate a credit freeze. This prevents any user—whether unauthorized or legitimate—from opening a new loan or account in your name. One thing to remember—if you choose to freeze your credit, you’ll have to lift it in advance to apply for a new credit card or loan.
  4. File your taxes early next year. Identity thieves often wait until tax season to use stolen credentials in an attempt to file taxes under someone else’s name and receive their refund. Filing your taxes early reduces the chance this will be successful.

How the breach affects companies

For many companies, this breach should serve as a wake up call. Cyber threats are increasingly more sophisticated, and assuming they won’t affect your organization is likely to result in a security incident.

Luckily, there are ways to protect your sensitive data, and it starts with risk management. Begin by creating a list of the three worst things that could happen to your data and then figure out a way to monitor for those threats.

Next, we would recommend conducting a risk assessment. Companies are usually aware of what their sensitive data is, but often times there are gaps in how that data is handled and stored across the organization. By conducting a risk assessment, we would look at that information—plus security policies, previous assessments and other factors—to create a list of recommendations for protecting your company’s data.

A penetration test is a valuable exercise that explores what vulnerabilities a potential attacker could exploit. For organizations that use internet-facing web applications, we would also suggest a targeted web application penetration test to find specific vulnerabilities, for which we would then offer a step-by-step guide for remediation.

Cybersecurity is a critical factor to consider in today’s society—both personally and professionally. By taking the necessary steps in risk management, you can prevent a costly breach and protect your customers’ valuable information.

Interested in learning more about our risk assessment or penetration test? Give us a call today.

Leave a Reply