THE EQUIFAX HACK
The Equifax Hack:
A Good Lesson For All Of Us BY: ANTHONY MONGELUZO
With the recent bombshell announcement by Equifax that almost 150 million customer accounts have been hacked, every business should acknowledge this wake-up call. Not just large corporations— the Targets, Home Depots, and Yahoos of the world— but every business that owns at least a single computer. Unless you run your business using a 1950s cash register, it’ s probably a good time to take action.
We had a client that recently incurred nearly $ 400,000 in losses due to hacking because it chose not to invest in the technology it needed to correct a dangerous weakness in its system. Months later, when this client’ s network began to“ act funny,” we knew that our worst fears had come true. In this case, because the hacking had been happening for months before it was detected, decent backup files were hard to come by. The client basically had to wipe its entire network clean— close to two hundred computers— and rebuild, computer by computer.
A weak password was one of the culprits for this particular loss, which enabled the hacker to easily gain access to the company’ s main server. This experience shows how companies can contribute to their own hacking experiences by not fixing weaknesses immediately and by not implementing strong in-house protection policies.
Hackers recognize that large companies are devoting more of their IT budgets to cyber protection, so the hackers are apt to target small- and mid-sized businesses. Using so-called“ social engineering” techniques, they are able to trick people into clicking on email or social media links that spread viruses within their own computer systems. These hackers then often demand considerable“ ransom” payments for the release of company files. IT managers target MS Windows and protective firewalls for heightened security protection against hackers. They may, in fact, be better off simply increasing employee training about avoiding these potential traps.
In our own business as IT consultants, we help clients protect themselves using two publicly available computing tools that we install directly on their systems. This software uses a proprietary method to contain a potential virus in the company’ s junk-mail folders, bar the user from further network access, and notify our company. While it is not 100 percent effective against viruses— no system is— it is certainly far better than going it alone.
The best protection against cyber threats, which can potentially shut down a smallor mid-sized business permanently, is to purchase cyber insurance. Companies with cyber insurance can protect themselves not just from computer losses but also from a host of related costs, including customer notification and credit monitoring, attorney’ s fees, ransom fees, lost production, and reparation costs. We recommend that every business have at least $ 1 million in protection and that every potential policy be reviewed in depth by both a broker and an attorney. Once you and your team are confident that the coverage is adequate, go ahead and sign away. You will sleep better at night just knowing that you’ re protected.+
Anthony Mongeluzo is the CEO of PCS, LLC, a 100-person IT service and support company that provides managed technology solutions for organizations in the Delaware Valley. Anthony is also a partner in three other technology companies that provide cyber security, computer forensic, and web services. He is also a technology correspondent for Fox 29 Philly and is a face for small business owners on Fox National news. You can reach Anthony atAnthony @ helpmepcs. com or connect online with him @ PCS _ AnthonyM
27