Cybersecurity lessons from the Equifax hack
The Equifax data breach was massive, potentially exposing social security numbers, credit card details, passwords and other personal information for up to 143 million Americans. The credit agency made the situation worse by erroneously sending affected customers to a fake website similar to the one it set up to help victims of the breach.
The fallout from the cybersecurity attack brings to light the relentless nature of hackers in this age of ubiquitous online information. The question remains: What can companies worried about their own cybersecurity learn from the Equifax data breach?
For starters, organizations should be cognizant of the overall threat. A recent study by professional services network PwC found a 38 percent rise in security incidents across all industries since 2015, marking the biggest increase in more than a decade. Last year, hacks impacted the U.S. Department of Justice, LinkedIn, Yahoo, the Democratic National Committee and others.
Cybersecurity should be a regular topic of discussion for companies, particularly those with sensitive information, experts say. Most businesses are under at least some level of threat from hackers. Breaches can occur through elaborate phishing scams or employees mistakenly sharing personal data.
Every organization must be prepared to respond to these eventualities. Any plan should, at minimum, include steps for determining the scope of the breach and its causes, and for remedying the problem. Time is also a factor when it comes to detection and response. Equifax waited until September to notify impacted customers of a breach discovered in July. Many state statutes require a cyberattack disclosure within 30 or 45 days from discovery of the breach.
In the wake of a cybercrime attack, a company's best course is to work with affected individuals and identify any data security weaknesses. As most businesses carry at least some personal data - from social security numbers to financial account info - they should consider the types of information stored and how this data can be safeguarded and separated for minimal accessibility.
In addition, cybersecurity insurance is something to consider, especially for companies holding high volumes of personal information. Companies may be skeptical about paying high premiums or whether such protection is even necessary, but the Equifax hack shows the need for organizations to improve their security practices.
"The continuing year-over-year increases in board involvement and investments in cybersecurity are extremely positive, but the percentage of businesses with breach response plans in place - although much improved from two years ago - is still far below where it needs to be," Eric Chuang, managing director of cyber incident response at BDO USA, said in a statement.