It is so sad to say this data breach happened in mid-May, was not even discovered until July 29, and affected individuals have not officially been told yet.

Here is the official word from Equifax about the incident:

So here is what comes to mind for me: Does this affect me personally? If it does, what do I need to do... what can I do to minimize my risk?

Am I affected? Go to this website and enter your last name and the last 6 digits of your SSN. Equifax will tell you if your information was in the database.

I put my credentials in with my hyphenated last name, no hit; used just the married name and they indicated I am included in their breach. It then reported... you can sign up in 3 days at our sister company... hmm... I don't know about you but... if it took them 2.5 months to find their own breach... I am not sure I need them to look after me! So I started thinking about options... I know at least one of my insurance policies includes some monitoring services, so I called them.

As a technology company, we strongly recommend that you have your personal information monitored. No company can “bat 1000” at this, but there are a number who do a very good job. Here is a link to get you started:    We cannot make a categorical recommendation, but the lists at that link can help you choose the solution that is best for your preferences.

So here is the business side of me:  What can we learn from this?

2 things... Yes, I realize that Equifax is a huge corporation and they are in a different league than you and I, right? They have a lot more money to put layers and layers of security in place... and it still broke them. So what does this mean for us "little" guys? We must be diligent. We must keep security at the top of our mind! Fortunately we only have a small group of employees to keep trained, unlike their 9,900... If these huge corporations can be breached... we must be diligent... we must overcome the odds! This business is my life, blood, and soul; I will not be broken! So here is what we must do:

  1. Security awareness training - you need to be in the minds of all your employees... they hold the keys to your network.  One zero-day click and you are breached.
  2. Monitoring your domain - If you are like me, you want to be in your community and involved in everything. Your employees are part of the family. So that means social media, web site research, etc. That means that your company email is being used, and if one of those sites gets breached and they use that password elsewhere, it just snowballs.

