What actually happened?
From the middle of May to July 2017, users’ sensitive information was exposed in a data breach at Equifax. Equifax is one of three major credit reporting agencies in the United States. If you have ever had your credit checked, as you likely have, you could be one of 143 million Americans whose data was accessed by attackers. The majority of data exposed included names, addresses, Social Security numbers, dates of birth, and driver’s license numbers. However, approximately 209,000 people’s credit card numbers were exposed as well. The breach was a result of a known vulnerability in their web application. Patches that would have prevented the breach were made available in March. Through what appears to be simple negligence, the patches were never applied. Hackers took advantage of the situation and have created a worst-case scenario for Equifax and millions of users.
What can you do?
In this instance, there isn’t much the end user could have done to prevent this breach. Security patching is critical when it comes to avoiding these types of events. Had Equifax applied the necessary patches to their web application, none of us would have anything to worry about. This is why Infinity ensures all of our clients’ endpoints, both servers and workstations, are up to date on security updates.
In the shadow of such a widespread breach, it does force us to think about what we can do to protect our information online. Even with the best antivirus software and a fully up-to-date computer, you are still completely vulnerable to social engineering attacks. Social engineering attacks include any communication from a would-be attacker who tries to persuade you to provide information or perform some action that is not in your best interest or the best interest of your company. This communication may come in the form of a phone call in which they ask for personal information, or it could be a phishing email with a link to reset your password. This link, however, takes you to a website controlled by the attacker, who will steal your information. Oftentimes they will use this information to impersonate a CEO or CFO and request money transfers to accounts controlled by the hacker. Best practice is to be sure you are following your company’s protocol at all times and never open any attachments you were not expecting. Also, be sure to pick up the phone and call to verify any requests before taking any action or providing information.
Infinity believes strongly in the importance of security awareness and training, so much so that we provide this training to all of our I-Support clients. If you would like to schedule an on-site training, please reach out to us at 478-475-9500.