CISO Suggestions for the Equifax Breach
By now, most people are somewhat familiar with the facts of the Equifax data security breach. Millions of people had their social security numbers, credit card numbers, addresses, and other personal information stolen.
The aftermath has been one of anger, confusion, and a feeling of extreme anxiety – not only among consumers but among other organizations that handle sensitive information.
If a company like Equifax – the oldest of the three biggest consumer credit reporting agencies – can be subject to a breach, what does this mean for other organizations?
Thankfully, there are steps every organization can take to prevent their information from being exposed.
First, let the Equifax breach serve as an example and a warning. The question that every organization should currently be asking is this:
What happened to Equifax and are we susceptible?
Many organizations are likely hearing this question from both their management and their clients. Here are three important tips for providing answers and reassurance, and for taking concrete steps to back up those words with action.
Tip #1: Make sure you have accurate information sources.
The Equifax story has been ever-changing as details emerge on exactly what happened and when. Unless you’re following the situation closely, it can be easy to fall into the trap of misinformation and a complete misunderstanding of how and why the breach occurred.
Because of this, make sure your team is using valid information and news sources to keep tabs on the facts. In this day of “fake news,” this is more important than ever. Also, monitor the news closely to keep informed of any new developments.
By doing this, you’ll be able to better understand exactly what happened with Equifax and how it pertains to your organization…which brings us to the next tip.
Tip #2: Understand how your organization may be susceptible.
Unfortunately, organizations that suffer data breaches act as case studies for other organizations to know what they may be doing wrong. In the Equifax breach, the attack occurred via a third-party Equifax partner that also had access to all of the credit monitoring giant’s private data.
The lesson here is for organizations to pay close attention to third-party or vendor security management. Map out all of your security processes to see how effective they are in your environment and whether a third party could be the weak link that creates a devastating breach.
Tip #3: Build a story cheat sheet.
Consistency is key when it comes to communication with management. It’s important that all members of your team are on the same page as far as understanding the Equifax breach and what you are doing to mitigate similar risks in your organization.
Create a one-page cheat sheet with bullet points that highlight the important facts of which management needs to be aware. This can also be a wonderful opportunity to reach out for additional funding or resources to help shore up any potential security risks.
Equifax one-page facts sheet.
To ensure you and your team are prepared to give a consistent answer when you are asked about the Equifax breach, download our one-page facts sheet.
CISOSHARE’s President and CEO
Mike Gentile has been helping organizations build Information Security Programs for more than 20 years. He has written multiple recognized books on the subject, provided hundreds of presentations, and built many Security Programs in both internal and external consulting roles.