We’ve all watched with concern as the Equifax breach unfolded, with nearly half of all US adults’ information potentially impacted. This crisis holds key lessons for all of us entrusted with consumer data.

Lesson 1: Not every breach is preventable, but there are steps you should take to mitigate risk

The Equifax breach occurred through a known vulnerability for which a patch was made available in March. The breach did not occur until mid-May, making it completely preventable. This crisis highlights the importance of a strong endpoint management and compliance maintenance program. Every organization responsible for protecting consumer data should have a patch management policy that includes the regular review and timely application of published security patches. Given the sensitive nature of the information we handle, it is critical that your organization remains vigilant. While many organizations have their IT department handle this critical function, many also choose to outsource to security experts like TECH LOCK.

Lesson 2: Data security should include multiple layers of protection

It is not possible to prevent all breaches, but you can help limit the impact by implementing multiple layers of protection around the data. Potentially compounding this breach is that it appears Equifax did not encrypt the data. All sensitive data should be encrypted at rest and in transit to provide another layer of defense. Those with malicious intent are increasingly sophisticated, and layers of protection will minimize damage even if there is a point of failure.

Lesson 3: Audit and test your processes and systems

The third lesson from this breach is the necessity of ongoing audits and penetration testing. You don’t know if your data is secure unless you are consistently monitoring and testing your processes and systems. Hiring a qualified independent auditor such as TECH LOCK lets you have your systems assessed to ensure you are following security best practices.

TECH LOCK also offers penetration testing, in which an ethical hacker attempts to break into your system. If vulnerabilities exist, this enables your organization to remediate them before a breach occurs.

