As you have probably heard, Equifax was hacked, and up to 143 million people have had their Social Security numbers and other data stolen. Aside from the fears and problems this brings about, Equifax is a company that, along with two other credit data storing organizations, controls your financial future, which puts you in a risk management mode. Do you freeze your credit with them? How do you find out if you were affected? With that many affected users, if you have a credit score, you probably were affected. Make sure you visit their site to get the latest information.
The other question at stake is how good their security was. Many internal IT teams struggle to maintain a budget that allows them to meet growth challenges, and they struggle further when they ask for additional funds to shore up security concerns. Sometimes those concerns are easily fixed with patches that are readily available to download and install, but antivirus and firewalls aren’t going to catch all the threats as they come along. It’s simply impossible with so many new attacks developed daily.
UPDATE: Today it was announced that the fix was indeed a patch released in March, almost two months before the attack occurred in mid-May. Sad times for Equifax, as this is going to affect most of us and has created a huge issue where most of us will have to actively monitor our credit reports week over week to stay ahead of any trouble.
Another attack, unrelated but chilling, involved the Argentina division of Equifax, which had a firewall connected to the internet with the default username and password still assigned. A router like the ones many of us have in our homes was in use, and the login, which can be reached from anywhere in the world, was left as “admin” for the user and “admin” for the password, exactly how it’s shipped from the factory. It’s difficult to come up with an everyday scenario that would paint a picture of how bad this is. It would be akin to a key fob for your car coming from the factory with a default passcode that the dealer didn’t change: they simply handed you a fob and you drove off, only to find out later that the fob opened several other cars like yours. You could simply walk the parking lot clicking your key fob and cars would unlock all around you. The only difference is that those routers can be found much more quickly by scanning the entire internet from a basement than by driving to a parking lot to find a similar vehicle.
Basic security is just that: changing default passwords and applying patches should be the very least we all practice, whether at home or at work. In today’s connected world, security through obscurity just doesn’t work. We can’t depend on billions of connected devices to hide us from predators when they can scan millions of devices per day to see if you forgot to change your password upon installation. It’s forgivable at home, where many non-technical individuals are learning to live in a rapidly changing technical environment, but in the workplace, with companies protecting private individuals’ personal information, there is no room for a mistake like this. Two hacks of Equifax in the same week is the biggest news in security this week. I hope it’s the worst thing we hear about for years to come, but that’s not likely.
Business owners and executives in charge of their infrastructure should seek to shore up their internal systems. There are affordable ways to deal with monitoring and controlling access that don’t have to eat up revenue and profit. Consultants and Managed Security Services are great at sharing costs amongst all their customers to provide a service that would go far beyond most SMBs’ ability to support.
For now, let’s look ahead and start thinking about how we can all help to mitigate disasters like this by asking the organizations we trust and work with how they are handling security to protect our data stored on their servers. If we demand security for our information, it will become paramount for organizations to protect their environments more carefully. Until then, keep checking your credit report until the end of days if you’ve been exposed. There just isn’t a good ending to this story, or an ending at all.