Guest Post: NordVPN Discusses What Companies Can Learn About Cybersecurity From The Equifax Breach

Credit card users who have a credit report most likely had their personal data exposed in the Equifax data breach. Affecting over 143 million consumers in the US, UK and Canada, the attack was one of the biggest global cybersecurity crimes of 2017.

The hackers were able to access Equifax clients’ names, Social Security numbers, birth dates, addresses and even driver’s license numbers. Around 209,000 people got their credit card numbers stolen as well.

It turned out that the attackers used a well-known Equifax vulnerability to carry out the breach and data theft.

As a result, Democrats in Congress are now calling for increased governmental oversight and penalties for organizations that fail to protect consumers’ personal information. Tech companies that aim to protect users’ online data agree that more government regulation is needed.

“We believe that big organizations – banks, credit card agencies, healthcare institutions and others – often fail to address known vulnerabilities that could be easily fixed in order to avoid similar breaches,” said Marty P. Kamden, CMO of NordVPN and cybersecurity expert. “The most dangerous moment comes when a vulnerability is disclosed but not yet patched – this is when hackers rush in to exploit it. Many organizations are not as fast to fix their bugs as cybercriminals are to launch a breach. On the other hand, companies are also vulnerable as their own employees may be unknowingly downloading infected files. Therefore, businesses – both big and small – need to make cybersecurity their priority.”

Here’s NordVPN’s advice to businesses on how to secure their data from cyberattacks:

  1. Fix all your vulnerabilities as soon as they are spotted. When system vulnerabilities are discovered, there should be a procedure in place to fix them immediately.
  2. Avoid opening emails from unknown senders. The rule is simple: if an employee is not familiar with the sender, it’s better that they do not open the email and never click to download any attachments or follow any links.
  3. Use only https URLs. Make sure all websites that your employees give data to have the secure ‘https’ URL. The ‘s’ in the URL means that it is a secure protocol and your data is encrypted properly.
  4. Use a VPN (Virtual Private Network). VPNs connect you to the Internet through an encrypted tunnel. A VPN server acts as a relay between the Internet and a company’s device, so nobody can see what data is traveling over the Internet. All that can be seen is that you are connected to a VPN server. A VPN service provider, such as NordVPN, can offer multiple benefits to small businesses, including secure data connections for remote workers and increased safety for business owners to share sensitive company data via an encrypted connection, so it’s not seen by any third parties.
  5. Update your firewall. Most systems have an automatically installed firewall – make sure to properly configure and maintain your company’s firewall in order to keep the network secured.
  6. Use anti-virus. Use up-to-date virus protection to make sure your company’s system is protected from malware such as malvertising (online advertisements containing malicious code).
  7. Strong passwords and two-factor authentication. Perhaps the most basic requirement for any online account setup is using strong passwords. Weak passwords make it simple for hackers to break into your system and cause severe damage. Two Factor Authentication, also known as 2FA, is a two-step verification system that adds an extra layer of security to any organization. Besides password and username, it involves something that only the user can potentially know.
  8. Update your operating system. It sounds simple and easy to do, but companies sometimes ignore the pop-up reminders for software updates. However, it’s one of the most important things to do with a computer, as such updates often fix security vulnerabilities and system bugs.
  9. Be reasonable with rules. It’s not reasonable to ban the use of the company’s computers or Wi-Fi outside of the company’s network. People need to connect when it’s most convenient for them. A more productive and efficient approach is to improve staff members’ expertise in cybersecurity.
  10. Don’t single out one responsible person. Cultivating a secure mindset should be the responsibility of the whole team. And if an attack does happen, the real culprit is the hacker, not your staff member. Blaming employees for cyberattacks will only lead to them hiding potential threats.

 
