The enormity of the 2017 Equifax® data breach has left a wake of fear and frustration among businesses and consumers alike. Names, social security numbers, birth dates, addresses, driver’s license numbers, and other pieces of private data were stolen from an estimated 147.9 million American consumers.
As we say in the Midwest, “Uff Da!”
Below are a number of things you can do to better protect your business and consumers from potential fraud exposures in the wake of this massive data breach.
1. Plan
Implement rigorous security measures to better catch fraud attempts before they occur.
- When authenticating an account user, require personal information (e.g. high school crush, best friend from childhood, pet’s name) along with identifying information for access to the account to help prevent the identity theft of your consumers.
- Require that your account holders have a complex password or passcode to access their account.
- Use multi-factor authentication.
- Don't just rely on SSNs, birth dates, home addresses or driver's license numbers for granting account access.
- Adopt advanced tools, like biometric authentication, for verifying the identity of accountholders.
- Verify you have up-to-date contact information for all of your members’ accounts, including consumer cards and online accounts.
- Set up a website with information regarding how you plan to communicate with your account holders about updates related to the Equifax cybersecurity breach.
- Post and share contact resources and information for consumers so they know where to go to have their questions or concerns addressed.
- Share educational resources and tools with your account holders that aim to help them prevent and manage identity theft and fraud.
- Train staff on fraud warning signs and job-relevant fraud prevention/response procedures.
- Proactively build a breach response plan, so you can swiftly implement the plan should any fraud exposures occur.
- Monitor likely points of entry for fraud, such as:
  - New membership requests
  - New products or services requests
  - Change of account holder information for existing members, such as change of address
- Purchase institutional coverage that insures your financial institution should a cyberattack occur.
- Consider partnering with an identity theft vendor that offers “deeper” fraud monitoring services for consumers, namely:
  - Dark web monitoring
  - Social security monitoring
  - Address change monitoring
2. Respond
Act swiftly and efficiently to help protect your business’s finances and brand, should an exposure occur.
- Set up a designated resource or hotline for handling account holders’ concerns and questions related to the breach.
- Offer professional identity fraud investigation and fraud remediation services.
- Consider providing credit/other monitoring services at no-cost for consumers.
- Contact Allied Solutions’ risk consultants if you are experiencing an uptick in identity fraud, so we can help you to minimize the fraud exposure.
- Notify law enforcement and regulators about the exposure.
- Work with internal or external resources to notify your members about the breach.
- Contract with external resources to provide printing and mailing services for notification letters.
- Contract with external resources to provide specialized legal assistance and forensic investigative services, if necessary.
- Send out educational information to your consumers about recommended steps they should be taking to protect themselves from identity theft.
- Use multiple channels to communicate with account holders – email, direct mail, text, etc. – so you are reaching them through their preferred channel and device.
3. Recover
Evaluate fraud damage and response effectiveness, so you may modify your breach prevention and response measures accordingly.
- Evaluative questions to ask:
  - Where did the fraud occur, and what could you have done to better protect that point of compromise?
  - Are there security tools you need to purchase or replace to more effectively prevent breach exposures?
  - Where were critical errors made in following the plan’s procedures?
  - Where did the procedures come up short in providing the direction that the team needed?
  - What steps/issues could have been avoided with proper pre-planning or different procedures?
- Once you have answered all of these questions:
  - Prioritize next steps for improving your breach prevention and/or response processes.
  - Implement prioritized changes immediately.
  - Train employees on lessons learned and new processes.
  - Set up a timeline for adopting all other changes.
As you work to mitigate the impact of the Equifax breach, we strongly urge you to also share breach information and updates with your consumers, while also educating them about how they can prevent and manage the risk of identity theft.