Powerful reminders about protecting your organization from a data breach.
The Equifax breach has all the indicators of being the most costly data breach of our times. More than 143 million individuals were affected, the impacts were international, communications were poorly handled and wrong information was distributed during the initial days after the announcement. It is really no wonder the stock price has dropped more than 30% from its high – and that is before the total cost of the breach is known.
The initial report is that Equifax was warned of potential vulnerabilities in its internet-facing environment and either did not fix them or thought they were fixed but never followed up. The initial vulnerabilities were used to gain access to the environment, and then several additional methods (not all are public yet) were used to maintain access, gain greater internal access and identify additional areas of interest to attack.
We can learn from this massive data breach. Protect yourself and encourage your employees to protect themselves appropriately. Many guides and recommendations are out there giving you advice on protecting your credit and identity. Use several layers of identity monitoring and protection, stay vigilant and be careful who you trust.
Your organization can take the following actions to apply basic/early lessons learned from the breach:
- Implement vulnerability management, particularly external vulnerability scans, so known vulnerabilities can be quickly identified and fixed. It is critical to perform vulnerability scans on a regular schedule – and then use the results to protect your environment.
- Layers of protection and detection are needed so that when one layer fails or is compromised, the other layers will at least give an indication something odd is in progress. Test the layers to make sure they work and are performing as designed.
- Plan out your incident response and breach response carefully. Incident response planning can be done internally, but test the plan regularly and make sure it includes escalation to breach response. Breach response is a collaboration between cyber security, legal counsel and your cyber security insurance provider.
Do what you need to do to protect yourself, but consider the three areas listed above to protect your organization. If you need information or assistance with cyber security, please contact one of RubinBrown’s Cyber Security Services Group professionals at any time.