On the small chance that you haven’t heard the recent news coverage around the Equifax security breach, here is a quick recap:
Early this month, Equifax announced that customer information was at risk due to a cyber security incident starting mid-May through July of 2017.
Cyber hackers accessed people’s names, Social Security numbers, birth dates, addresses and driver’s license numbers.
Equifax also reported that credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people were stolen. In total, they are estimating that 43 million U.S. consumer’s data is at risk.
The magnitude, severity and company’s incident management has brought on severe criticism from the media and public at large.
Yet, the Equifax cyber attack shouldn’t come as a surprise. Research shows that in 2017, there has been a 250% increase in ransomware attacks alone. What is surprising is that 87% of CIOs believe their security controls are failing to protect their business.
These statistics, along with the front row seat to Equifax and countless other companies’ cyber security misfortune, should be a call to action for all business.
It’s a significant risk for any organization to assume they won’t be the target of an attack or that their in-place security is good enough. Companies who are unprepared or unwilling to dedicate needed resources for business continuity planning are opening themselves up to be featured as the next media headline.
4 Ways to Move Into Action
If you’re convinced of the reality and impact of a potential cyber attack and ready to act now, here are a few tips to help you strengthen your business continuity efforts:
1. Go Beyond Compliance
The Equifax breach is resulting in many predicting that cyber security regulations will increase. Regardless of future outcomes, when the fate of your institution and your client’s security is at stake, simply checking a box to meet federal and industry compliance requirements is not enough.
A complete business continuity approach to assess criticalities, create plans, and visualize incidents to manage disruptions is needed to minimize or possibly prevent downtime of critical processes.
2. Question Your Vendor’s Security
Your security is just as dependent on your own efforts as it is on vendors, partners and suppliers. Ask them about their business continuity management to gauge their strengths and vulnerabilities—then adjust your planning accordingly. The Equifax scenario is a perfect example of this. As a credit reporting agency, the data they were responsible for credit card companies, banks, credit unions, retailers, auto loan and mortgage lenders using their services.
By working with a vendor you take on an unavoidable amount of risk and you may not be able to prevent an incident entirely. Yet, asking questions around their continuity processes and plans could potentially help you identify potential problems or concerns, thus mitigating a disaster for your own customers.
3. Remain Agile
When it comes to business continuity management you should know your work is never complete. Maintaining a successful program requires pulling together BIAs and conducting testing drills. This ensures you’re at the top of your game for new and unpredictable threats. Cyber hackers like the ones targeting Equifax, evolve their methods and approaches daily, further emphasizing the need for organizations to adapt quickly.
However, a comprehensive business continuity approach doesn’t have to be difficult. Enlist the help of business continuity software to replace legacy systems and streamline your incident management planning and execution.
4. Understand the Value of Brand Reputation
A strong brand reputation is vital to the operational and financial success of a business. In the event an incident does occur, how you react, communicate and respond can make or break your recovery efforts. Review your customer relationship management and communication plans and remember communicating quickly and accurately is key. Your goal should be to answer any questions, ease concerns and provide detail and direction when possible.
A majority of criticism towards Equifax have resulted in their post-incident actions. Accounting for these factors within your incident management can give you time to craft a positive message and allow you to regain the confidence and trust of your customers.
Want more advice? Tune in to the BrightTALK’ webinar this Thursday, September 21, where Shawn Burke, Chief Security Officer for Sungard Availability Services will contribute to a panel discussion on the Equifax hack and data protection.
For industry tips and to keep up-to-date in the evolving software space, subscribe to the Assurance Software blog.
Written by Assurance Software
Assurance Software takes your company’s enterprise-wide business continuity and resiliency program to the next level. With Assurance as your go-to partner for continuity and resilience, you can confidently mitigate risk, manage recovery, and safeguard your employees, customers, operations and brands.