Data security is a topic that has come to the forefront of public knowledge in recent years. Unfortunately, as with many pre-eminent technology issues, you don’t really hear anything until something goes wrong—this is very much the case with what is probably the single worst data-breach in history—Equifax.
Some of you may remember when Yahoo was compromised in 2013 and again in 2014. These two attacks combined exposed personal information of an estimated 1.5 billion users. Think about the kinds of information that might be exposed if an unauthorized user, a hacker, had access to your Yahoo email account. Compared with 1.5 billion, the 143 million Equifax accounts compromised recently seems almost paltry by comparison. Here, however, is where a security breach hinges not on how much data was compromised, but on the type of information.
Consider for a moment the kind of information you have to give to Yahoo, Google, or Facebook, in order to sign up for an account. First and Last name, an email address, and a password—and that’s about it. Now, think about the type of information you have to give a company access to receive your credit report: your full name and address, your social security number, birth dates—in some cases driver’s license numbers. The full scope of this breach is far more significant than any that has happened in the past. All of that personal information could be used to take out a loan in someone’s name, open a bank account, or a line of credit. In short, breaking into Equifax is as good as stealing the identities of 143 million people. Security experts believe that the 143 million Equifax accounts that were breached account for roughly 44% of the US population.
The next, perhaps obvious question is: what does this mean for me? If you believe your information may have been compromised, you can sign up for identity theft protection and credit file monitoring on a website Equifax set up here: https://www.equifaxsecurity2017.com/
It may also be advisable to call one of the three major credit reporting agencies and ask that a 90 day fraud alert be placed on your credit. This process is free and requires lenders to contact you if someone (including yourself) tries to apply for credit.
As the dust settles from the Equifax breach, one thing has become abundantly clear—for such a large company with access to extremely sensitive customer data, Equifax’s security was laughable. For the SMB owner, the takeaway should be that security of sensitive client data should not be taken lightly. Invest in a hardware firewall. Ensure that some form of authentication is forced when employees access sensitive data. Two-factor authentication may also be required, depending on the type of data you have to secure. Security of sensitive customer data is not something that should be handled by someone inexperienced. For this and other compliance related questions, seek the assistance of an Information Technology Professional.
Mythos Technology is an IT consulting and management firm that provides Managed Services including hosted cloud solutions. For more information, please visit www.mythostech.com or call (951) 813-2672.