Editorial

Don't Be the Next Equifax: Tips to Avoid a Security Breach

By Dana Simberkoff
The Equifax breach illustrates why building a layered approach to cybersecurity is critical when dealing with sensitive data

The Equifax data breach affected nearly half of all Americans and hundreds of thousands of others in the U.K. and Canada. The breach, one of the largest in history, exposed the full gamut of customers’ personally identifiable information (PII), including Social Security numbers, full names, credit card information and birth dates.

But the damage didn’t stop there. The website the credit reporting company launched in September to help customers determine if they were affected by the breach ended up exposing people to even further harm. The site was independent of Equifax’s existing web domain, making it easy to clone — and hackers immediately took advantage. More than 138 fake domains existed by the time Equifax seized complete control in late October.

Equifax (eventually) did the right thing by informing authorities and the public of the breach and the dummy domains. It is even taking additional steps in the right direction, including appointing former Broadcom CEO and cybersecurity expert Scott McGregor to serve on its board and technology committee. 

However, the company’s lackluster approach to crisis management over the past few months, coupled with the fact that it exposed victims to further damage as a result of the fake domains, led to a decrease in its stock price, the departure of CEO Richard Smith and deep hits to its revenue in the current fiscal year. Most recently, it was revealed that Equifax will face a rare 50-state class action lawsuit.

Unanticipated Benefits of Data Breaches

Clearly, Equifax is facing major consequences. But this case can teach us something — it’s a textbook example of what not to do when dealing with a data breach.

With a new breach announced almost daily and the media covering the developing stories in detail, the average consumer has become more security-aware than ever before. As a result, people are doing a better job of protecting their personal information and taking steps to avoid potential consequences like hacked credit cards or fake insurance claims.

While increased awareness is a positive side effect, the Equifax breach left hundreds of thousands of people unprotected. Many people are at least confused, if not beset by unwarranted financial burdens. Thankfully, the national class-action lawsuit filed against Equifax could lead to better protection against future attacks and place responsibility where it belongs — on Equifax.

How to Avoid Becoming the Next Equifax

No company wants to become a household name because of a security failure, so here are a few actionable tips that can help you improve data security:

Understand the data you have and where it's stored

Being aware of the information your organization collects can help your IT professionals create stronger security systems and controls, which will play an instrumental role in protecting your organization from an attack or breach.

Arm employees with the knowledge and tools they need to be secure

Make it easier for your end users to do the right thing, rather than the wrong thing, when it comes to safe IT habits. Specifically, create policies, rules and permissions that make it seamless for employees to do their jobs effectively with the designated systems and controls.

Engage in constant security and protocol education

Train employees on everything — from what they can save on personal devices to how they should share files externally and what potential malware might look like. Integrate IT security training into the employee onboarding process, emphasize it in everyday practices and add it to the agenda of yearly company seminars.

The Equifax breach illustrates why building a layered approach to cybersecurity is critical when dealing with sensitive data. In today’s society, data holds financial value. Therefore, until we devise a way to completely guarantee data protection or find forms of identification that can’t be monetized, we will continue to see a rise in breaches. As Equifax battles severe consequences related to its hack, it’s important to learn from the company’s mistakes and implement better security practices and attitudes every day.

About the author

Dana Simberkoff

Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint, Inc. She is responsible for executive-level consulting, research and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts and solutions for risk management and compliance.