Capital One’s recent data breach is the latest in a series of attacks that serve to remind us all of the vulnerability of our personal information. The data of more than 100 million people in the United States and Canada was exposed and possibly compromised. Ironically, this new breach occurred shortly after the settlement of the Equifax data breach that happened in 2017, impacting more than 147 million people, one of the largest cybersecurity attacks in history. That two such incidents could impact almost half of all Americans is sobering proof that cybersecurity is quickly reaching an inflection point for IT management. Networks and computers are more at risk than ever before. While we enjoy the convenience of doing business at the speed of the internet, it has opened a Pandora’s box for criminals. We can no longer afford to be uninformed. Which is part of the reason why you should claim your Equifax data breach payment.
What You Can Do Right Now
Before I dive into a lecture about cybersecurity, let’s talk about what you can do right now if you are a victim of either of these two breaches.
For the Capital One data breach, here are five things you should do first. For the Equifax data breach, you may be eligible to receive $125 as part of the settlement. Find out here.
In the larger scheme of things, $125 may not seem like much. However, I believe that it’s important for us all to claim our Equifax data breach payment. Why? Because Equifax is not a small business. It is one of the three largest credit bureaus in the U.S. (The other two are Experian and TransUnion.) They employ experts in cybersecurity prevention and have entire teams focused on IT security. This breach was a result of mismanagement and underspending on IT security. It’s important to make them an example by hitting them where it hurts: in their wallet.
Preventing a Data Breach at Your Company
Now the lecture: We all need to become more educated in cybersecurity. Believe it or not, many IT service providers, such as managed service providers (MSPs), are among the most guilty when it comes to being uninformed. Many are not up to date on the current cybersecurity risks and solutions and are not providing adequate consulting to their small- to medium-sized business (SMB) customers.
Regardless of who is to blame, everyone needs to become more aware, from business owners and supervisors to IT staff, MSPs and general employees. End users need training. Business owners must hold their IT staff or MSP provider accountable. And the IT people must update their skills and offerings.
As the Capital One and Equifax breaches showed us, no matter how big or small your company is, if you ignore your cybersecurity—or even your IT in general—you are playing an exceedingly risky game. The probability of an outage or breach is very high. This is not meant to scare you, but to wake you up about the education and IT mindset that your business needs to operate safely.
Simply implementing only the fundamentals of cybersecurity can substantially reduce your risk. These include:
- Maintaining good backups
- Managing usernames and passwords
- Having good endpoint protection
- Having a good firewall
- Doing end-user IT security awareness training
- Doing risk assessments on your business
- Restricting access to data for those who don’t need it
- Using multi-factor authentication
- Having a good email security tool
- And more …
If you don’t know what all these are, then you know the first questions you need to ask. So, get out there and engage some IT security experts, talk to your IT staff or provider, learn what you don’t know and create an action plan to address it. Your company will lower its risk, and I would be willing to bet that it also ends up being more profitable.