Equifax, one of three major agencies people turn to for credit reporting, suffered a massive data breach this week, with over 140 million people’s personal information—including social security numbers and credit card numbers—put at risk. Investigations are ongoing and many details have yet to surface about the full consequences of this breach. But one fact we already know presents a few lessons to learn about IT security and consistent vigilance.
What’s striking about this particular data breach is not necessarily that it happened or even how it happened, but rather how long it went on. According to CNN, Equifax suffered the breach from mid-May to July, discovering the breach on July 29 and making the news public on September 7.
That is almost an entire summer of vulnerability.
It’s easy to think of a data breach as a one-time event, putting the affected company at risk for a workday and causing residual headaches for maybe a week. But when IT systems aren’t regularly audited for security and layered stopgaps aren’t put in place to mitigate the damage, even significant multinational agencies like Equifax can remain vulnerable for months. How can you make sure you’re not caught asleep at the wheel when the time comes to put your data security into action?
Audit Early, Audit Often – According to a study by Vision Solutions Insights, almost half of surveyed professionals audit their IT systems for security annually or even less frequently. Considering how sophisticated cyber-criminals have become and how frequently security events like Equifax seem to happen, this is unacceptable. An outdated system or plan removes any challenge hackers may face. And when it can take up to a year for an organization to act on its outdated infrastructure, the consequences of that inaction could multiply exponentially.
Don’t Stop at One – The most secure physical structures don’t rely on one layer of integrity. Make sure the structural integrity of your less tangible data and technology stays strong with multiple layers of resilience. Your multi-faceted approach should address the vulnerabilities and strengths of the following areas:
- Port/IP Address
- Exit Point
- File Security
- Field Security
- Command Control
- Object Authority
That’s right: the integrity of your data depends on all of these layers, with even one neglected layer potentially being the only open door malicious actors need to capture sensitive information. Learn more about the importance of layered security in our white paper.
Communication is Key – In the unfortunate event that your organization suffers a security breach, there’s no need to exacerbate the issue by hesitating to inform the public. Any security event will understandably test the public trust, but you could suffer even more PR damage by withholding significant news for any amount of time. Acting fast isn’t just for IT administrators. Executive staff, retained PR agencies and any other public-facing entities in your organization must stay on the ball to deliver the “Who, What, Why, Where and When” people need to know.
Learn more about what you can do to modernize your IT security infrastructure by viewing our on-demand webcast on the state of IT security with special guests from IBM and reading our white paper on data breaches.