How has the Equifax Breach affected your business?

Posted by hflournoy On September 25, 2017

Below you’ll find updates on how the Equifax breach may affect you, your staff and your company, and our advice on immediate precautions you can take. The previous 2 emails focused on Security Freezes and Critical Password Updates. Today we focus on 2-step verification and vulnerability testing to prevent cybercrime.

2-Step Verification for Companies?

Computer Experts Group strongly recommends setting up 2-step or two-factor authentication, for all personal and company accounts. 2-step authentication is a method of confirming a user's claimed identity by utilizing a combination of two different components, such as a password plus a one-time code delivered via SMS or a push notification to the account holders mobile phone.

We recommend making a list beginning with direct financial management accounts. Then add accounts that store sensitive information or have a credit card on file or direct link to your bank account.

For each account, set up 2-step authentication (sometimes called verification) if possible. Next, select the highest security options including alerts for all transactions and checking to make sure your contact information is correct. Keep a diligent list of the changes, perhaps in a notebook that doesn’t leave the house or is locked in the office, or use one of the password management systems we reviewed last week.

Download our CXGs 2step workbook

This is just a template, intended for you to customize and expand. Do not store passwords in this sheet. After customizing the list, print then manually enter notes about each account's advanced security settings. This list will help streamline your quarterly cybersecurity updates. Store in a secured location.

_____________

You're Invited

JOIN US WEDNESDAY SEPT 27th at 12 Noon for a live call-in and chat about Equifax Fallout: What’s the ROI of the Solutions for Small Companies?

Our team will be live on the call to answer questions, discuss security options, share our opinions on the latest developments in the story and impacts we’re hearing in the field. If you have a story to share, shoot us an email by noon on Sept 26th and we’ll get you set up to speak on the call.

Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/996224898

iPhone one-tap :
US: +14157629988,,996224898# or +16465687788,,996224898#

Telephone： (for higher quality, dial a number based on your current location)：US: +1 415 762 9988 or +1 646 568 7788 or +1 669 900 6833
Meeting ID: 996 224 898
_________

If you know someone who would benefit from joining our direct email list, please have them sign up here.

____

What is vulnerability testing?

We continue to hear about personal information breaches, releases of credit card info, doxxing (personal information about an individual published on the web, with malicious intent), etc., but you don't have to make it easy for hackers to get that information on YOUR customers, from YOUR business.

Call us to schedule vulnerability testing to uncover areas of risk to your data and computer infrastructure. If you process credit cards or handle sensitive information, we can help you comply with regulations.

We'll uncover security issues such as:

missing critical security patches,
vulnerable passwords,
missing virus and malware protection,
inadequate or non-working backups,
physical situations that could cause extended downtime.

We’ll also perform a customized Network Assessment and a Security Assessment. For businesses that process credit cards, we can add preventive evaluations to our customized Vulnerability Testing, including external penetration testing and PCI compliance. **

Pricing:
a) one-off testing prices are customized for the size of your organization, and depth of testing. (fees can be credited to our monthly service if you sign up for our managed services)
b) scheduled testing for our managed customers.
c) penetration testing** to test how effective your current network and security performs.

** NOTE re: PCI:
PCI compliant penetration testing should be performed by a qualified internal resource or third party. The purpose of penetration testing segmentation controls/methods is to verify that the cardholder data environment is protected from unauthorized access.

Equifax in the News

We Need a Law Requiring Faster Disclosure of Data Breaches—Now
“In a world where one line of faulty computer code can mean the difference between normalcy and chaos, it is often not a question of if, but when, the most sensitive systems will be hacked.” --Slate

Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop
" In a non-public alert sent this week to sources at multiple banks, Visa said the “window of exposure” for the cards stolen in the Equifax breach was between Nov. 10, 2016 and July 6, 2017. A similar alert from MasterCard included the same date range." --Krebs On Security

Will the Equifax data breach impact your Social Security benefits? "It's not just your bank account or credit cards you may have to worry about. The recent breach exposed countless Social Security numbers, and with that comes the potential for criminals to mess with your benefits." --USA Today, Motley Fool