The month of October sure brings a lot to celebrate for us Canadians. Whether it’s feeling gratitude with family and friends while celebrating Thanksgiving or dressing up to celebrate Halloween by devouring all that sweet sweet candy during the whole month of November (or in 2 days….no one is judging). But if there is another celebration the month of October brings, it is for our hard working businesses to celebrate being ransom free!
In fact, October is the National Cyber Security Awareness Month! What that really means is that all businesses should be taking a moment to evaluate whether their current solutions in place to combat ransom ware will keep their systems safe while keeping business running. This is particularly very important for the hard working small and mid-size businesses that operate lean and do not have dedicated in-house IT departments working 24/7.
But then again, sometimes even with dedicated in-house IT and billions of dollars, one fatal error in its cyber security practice can cause that company to become an example of what not to do when it comes to protecting yourself as a business and your customers. The company that all business owners can learn from in this instance is Equifax.
While most of us have been busy with the October celebrations, Equifax has been struggling with their data security breach that wreaked havoc within the company. Here’s what happened: cyber criminals attacked Equifax systems between mid-May and late July causing a data breach that affects 145.5 million people in the US and about 8000 Canadians.
So what went wrong? Clearly, a multi-billion dollar company like Equifax must have invested in the most robust of technology solutions available through their world-class IT services provider (in-house or external)…Well Equifax was alerted of a software breach in March 2017, however, according to former CEO Richard Smith, they failed to fix the issue due to “both human error and technology failures” that resulted in the data breach. Although a repair was released, Equifax failed to install it immediately, giving hackers an opening to break into Equifax’s computer systems.
And why is this a problem for a multibillion dollar company like Equifax? Surely, they can afford to pay their way out of it right?
Wrong. For Equifax, losing a chunk of money whether from offering free identity theft protection products/services to consumers, hiring lawyers to represent them in the legal battles, or through loss of future customers, may be just part of the problem. It is having to turn around the bad reputation and earning the trust of the public back is what will make things extremely difficult for Equifax in the future. Earning this trust may in fact be the worst of its problems.
If Equifax was proactive in May, perhaps they could have avoided all these challenges that they have to go through now. So, the real question is, what are you as a small or mid-sized business doing to protect you and your customers? Are you being proactive in terms of monitoring your systems? Are your employee adequately trained to handle potentially infected emails or other correspondence? If your answer is no or “I don’t know” to any of these, then I sure hope you have set aside a big chunk of $$$ to deal with the aftermath of a cyber security breach. Alternatively, talk to your IT provider or contact us for a free 30 minute assessment!