Investigators have discovered that the Equifax data breach was preventable.
Sensitive information on 143 million people was stolen because Equifax had failed to apply a security patch that was available two months ago. Two executives have now resigned and the company is the target of law suits.
If your systems aren’t patched on time, you increase your risk of being attacked.
Half of all attacks target small businesses.
How to Check if You Are Vulnerable to security threats:
Although the software that was vulnerable at Equifax was not something used on PCs, it points out that allowing systems to go unpatched – even with software that is not core to the operating system – can allow an attacker to gain access to your system without your knowledge. A security scan of your systems can help determine your vulnerabilities. Make sure that all of your software patches are up-to-date. This includes things like Windows/Mac OS, Microsoft Office, Adobe, Java/Oracle, Google Chrome, Firefox, and operating systems. Don’t forget to keep all of your technology updated, including your phones and their apps. Always use a third-party security solution to protect your network/systems. Each of these have a way for users to ensure they stay updated. Many will keep themselves updated, others will nag you about updating. Taking the time to heed those warnings, instead of ignoring them, is going to keep you protected. And always use a third-party antivirus software (not what comes with your computer) that can prevent malicious software from getting on your computer
However, the more obscure applications and devices like Routers, Printers, and other networking equipment and “things” will not update themselves at all. There is also a point where manufactures will stop releasing updates or patches, so be careful not to assume that just because there are no updates, that you are secure. We tell our customers they should be never let their hardware or software get below three versions or years from the current release.
We help our clients manage their IT security proactively. If your are not yet on our Guardian Managed Service Plan, contact me today for a custom assessment to learn how “at risk” you are and what you can do to protect your business.
My information was on the list of what may have been release. Now what? What do we recommend?
Remember: This information will be out there for years. In addition to opening new credit in your name, criminals can file false tax returns and get emergency medical services leaving you with the bill. Depending on your bank, the could call your bank and pretend to be you to transfer data from your accounts. None of these steps below cannot stop these things from happening, so you must remain vigilant. Check your statements monthly. Balance your check book. Call your bank, pretending to only have the information that was leaked (full name, social, phone, address, driver’s license, birth date.
Your first thought may be to sign up for Credit Monitoring, especially the free one that Equifax is offering. However, you may want to reconsider. First, the original text in the sign-up agreement, now removed, waived your right to being part of a class-action suit against Equifax in the future. So, at the very least, this shows Equifax’s intent. Second, it’s only for a year, and this information is going to be out there forever, so a year isn’t going to cut it. Third, the protection company is a subsidiary of Equifax, and this company’s existence in the future is in question after this debacle and the potential criminal acts of its executives. Fourth, any credit monitoring is going to cost you between $5 and $25/month. So what is the alternative?
You should be doing this anyway. However, Consumer Reports recommends not going with expensive Credit Monitoring and simply pulling a credit report from each bureau once a year. You’re allowed to pull one report per year for free. So instead of going to annualcreditreport.com and getting all three at the same time, one can stagger them in such a way that you’re getting a report every quarter. Now, they don’t make them easy to find, because they want you to sign up for credit monitoring or use the all-in-one report, so we have linked them below.
If you ever find or suspect something suspicious going on with your credit, you can place a Fraud Alert on your credit. Again, free, but it’s temporary – Only 90 Days for the initial alert. The great thing is that you only need to sign up on one of the bureaus and it will notify everyone. Link below.
If you’re really concerned the only way you may be able to get some sleep at night may be to Freeze your credit.
Transunion https://www.transunion.com/product/trueidentity-free-identity-protection Free basic monitoring/reporting/locking, no card required. Easy lock/unlock.
Experian https://www.experian.com/ncaconline/freeze Be sure to keep your PIN. You won’t be able to unlock without it.
Equifax https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp Be sure to click the “view PDF” and keep your PIN. You won’t be able to unlock without it.
Innovis https://www.innovis.com/personal/securityFreeze You will get a letter of confirmation. Keep it.
Be sure to have your previous address, and knowledge of payments to your larger accounts like Auto and Home Loans. This is because these sites will confirm your identity by asking you to verify the range your last payment fell within.
P.S. Please share this alert with your friends at other companies. We might be able to save them from being a victim.