If the World’s Largest Credit Rating Agency can suffer Cyber-Attacks, how safe is your data?

Equifax took over Veda Australia in February 2016 and are the global leaders in information solutions with a footprint in 21 markets around the world. JSP has sophisticated techniques and equipment to lessen the chance of being hacked. Please read on and contact us to discuss your data safety.

Small and medium-sized businesses (SMBs) are the prime target for attackers because they tend to be easier targets. They’re often less secure and unprepared for attack. Think about burglars that go after houses where they know no one is home. With more cybercrime automation and the rise of hacking kits, the cost and time it takes to launch a successful attack have decreased, increasing the amount of cyber-attacks executed.

When it comes to security, it’s better to be safe than sorry. But as the Equifax leak case has taught us, once a security breach does happen, it’s best not to be sorry twice.

What happened to Equifax?

Equifax, the huge American credit agency announced in September 2017 that its database was hacked, resulting in a leak of tons of consumers’ private data, including personally identifiable information of around 143 million US citizens. It included names, social security numbers, addresses, birthdates, and credit card and driver’s license numbers.

Equifax responded by setting up a new site, www.equifaxsecurity2017.com, to help its customers determine whether they had been affected and to provide more information about the incident.

Soon after, Equifax’s official Twitter account tweeted a link that directed customers to www.securityequifax2017.com, which is actually a fake site.

Fortunately for Equifax’s customers, the fake phishing site was set up by a software engineer who wanted to use it for educational purposes and to expose flaws in Equifax’s incident response practice. So, no further harm was done to the already-damaged customers, and Equifax is left with even more embarrassment.

So what did Equifax do wrong?

One of the huge mistakes Equifax made in responding to its data breach was setting up a new website to give updated information to its consumers outside of its main domain, equifax.com.

Why? You first need to know that since the invention of phishing scams, phishers have been creating fake versions of big companies’ websites. That’s why so many major corporations buy domains that are the common misspellings of their real domains.

You should also know that phishers can’t create a web page on the company’s main domain, so if Equifax’s new site was hosted there, it’d be easy for customers to tell whether the new page was legitimate and not be fooled by a fake domain name.

What’s obvious from this embarrassing misstep is that Equifax had never planned for a data leak. And this is an unforgivable oversight by a company that handles the information of over 800 million consumers and more than 88 million businesses worldwide.

Don’t repeat Equifax’s mistake

Whether your business is a small startup or as big as Equifax, it needs to prepare for a data breach. Besides having a comprehensive network defense plan, you also need to have the right incident response plan in place.

You also need to establish a message that includes the following information:

  • How the leak occurred
  • How the leak could affect your customers
  • How you will prevent future attacks
  • What your company will do to support affected customers

You should also create a web page to keep your customers up to date. But remember, the new web page should be under your company’s primary domain name.