The Equifax data breach has topped the news for many days now. Of course, it’s only one in a long list of high profile companies that have been hacked in the last few years, releasing highly sensitive information to less-than-stellar sources. Target, Sony, even government offices like the Office of Personnel Management have had their share of difficult times. And we all know there’s another one waiting around the corner.
But today, it’s Equifax’s turn at being in the limelight. The FTC states that if you have a credit report, chances are you’re one of the 143 million American consumers that had sensitive information leaked in this latest data breach. That means hackers now have access to your name, Social Security number, birth date, addresses, and in some cases, your driver’s license number. They advise protection tips such as checking your credit report, monitoring your credit cards and bank accounts, even placing a credit freeze on your files making it hard to open a new account.
It’s starting to feel a little “normal”, isn’t it? Big companies are hacked, millions of people face compromising situations because their personal identity information is released, and life moves on.
The companies face civil litigation - not criminal - and they pay. They endure a short public relations nightmare. And life moves on.
But what happens to you?
Corporate giants have the power and the financial well-being to dig in and move on.
Smaller companies, not so much.
We hear about the Targets and the Sonys. We don’t hear about the little guys who wind up closing their doors, unable to survive after an attack. They just fade away.
One of the reasons is we don’t have specific regulation that brings reform to the cybersecurity. While we have Acts that offer financial management and corporate governance over business practices, cybersecurity is an ever-changing world.
With an intricate web of legacy hardware, software, and practices, every business brings something new to the table. Companies running old operating systems have long been prime hack targets. Yet companies continue to run old systems all the time. They do it because it costs money to upgrade, and because their old legacy software won’t run on the latest platform. Why upgrade when the old works perfectly well?
And it’s not just software. When backup data moves off-site, and we turn to cloud-based alternatives, many don’t think twice about the security wrapped around their data. They don’t train employees on acceptable practices, teach them how to avoid phishing attacks, or establish concrete mobile security programs.
It’s just business as usual. Until it isn’t.
So it’s time to ask yourself a few questions.
How secure is your data? Are you operating with old hardware and software that’s easily compromised? Do you have lax security practices? Is your data secure?
It may be business as usual for right now.
Until it isn’t.
