It looks as though Equifax's troubles are only getting worse. Not only is the credit monitoring agency under investigation for exposing the personal data of 694,000 U.K. consumers, but the company's CEO is poised to face a Senate panel to answer for the 145.5 million consumers affected in the U.S.
While Equifax's data breach isn't technically the most consequential cyberattack in history, it will go down as one of the most destructive for both Equifax and the customers who were affected.
Companies must begin thinking of a cyberattack as a two-stage process. First, the attack compromises customer's data. Then, the customers who have been wronged take action against the company that exposed their data.
Consequences can come in the form of tarnished reputation, lost sales, diminished consumer confidence, and direct fines and fees. In all cases, though, a data breach diminishes everyone involved.
Cybercrime Is About More Than Money
Too many companies take a self-centered approach to cybersecurity. They find ways to secure their most sensitive internal data but leave everything else open to attack. This is incredibly shortsighted, however, because any attack that compromises customers compromises the company itself.
It is essential for companies to acknowledge that the more data they agree to store, the more responsibility they have to keep those data safe. Equifax was obviously derelict in that duty, but it is hardly the only culprit. Every year we hear about breaches that put hundreds of millions of consumers at risk.
The bad news is that this risk is only growing. Mobile ransomware attacks spiked by 250% at the beginning of 2017. In addition to the frequency of the attacks increasing, their effectiveness is mounting as well.
At this point it's not surprising to hear that, according to a study by Mintel, just 36% of consumers trust major corporations to do what is right. Conversely, a consumer survey revealed that 57% of respondents list trust as the primary reason they feel connected to a particular brand.
Consumers are sick of the anxiety and uncertainty that build after their most personal information is exposed on a repeated basis. It's time for companies to take this anxiety seriously. More importantly, it's time for companies to realize that they are both the front line of defense and the ultimate victim if something goes wrong.
Creating a System That's Secure for All
Securing vast amounts of data is not an easy task, and it certainly doesn't happen overnight. Yet the companies that go above and beyond to protect data serve their customers' interests and their own interests at the same time. Here are some strategies from industry experts on how to cover every angle:
1. Protect structured and unstructured data. Most structured data are already subject to security protocols. But what about the highly valuable and highly vulnerable unstructured data sitting somewhere like an email inbox?
With an estimated 60% of attacks introduced through email, David Wagner, CEO of the email security company Zix, recommends focusing security efforts on weak points like the inbox and prime targets like unstructured data to prevent critical oversights from creeping into a cybersecurity strategy.
2. Provide extensive consumer education. The end user, whether it be an employee or a consumer, is the best line of defense against an attack. Many of the most effective attacks rely on manipulation and trickery far more than technical wizardry, and keeping your customers well informed will go a long way toward keeping everyone safe.
CreditSoup is a good example of a company leading the charge. In the wake of the Equifax breach, CreditSoup published an extensive blog post educating consumers on how to keep credit data safe. This approach should become standard.
3. Practice password management. When hackers gain login credentials, they do not need sophisticated pieces of malware to steal a lot of valuable data. Unfortunately, most passwords are short, simplistic, and outdated, according to Morgan Slain, CEO of the password management company SplashData.
Passwords must be strong to start and then changed regularly, using unpredictable combinations of letters, characters, and numbers. No cybersecurity effort is effective when hackers have the keys to the gate.
4. Create a culture of cybersecurity. Securing data isn't just about putting up access controls. In fact, a company that relies on restrictions alone can actually create more vulnerabilities, according to Eduard Meelhuysen, an executive at the CASB company Bitglass.
In order for an organization to be truly safe, every member must understand what threats exist, where they come from, and how to follow data security best practices without fail. Creating a culture of security is a way to prepare for new and evolving threats as well as the most pressing concerns of the present.
The security threats of tomorrow are being devised, developed, and deployed right now. And when they strike, the victims will be multiple and myriad. It is understandable for consumers to be worried, but it's also imperative for the companies that keep their data to be proactive about protection.