How the Equifax Data Breach Effects Small Business Owners

In early September, it was revealed that there had been a major data breach at Equifax, one of the nation’s three major credit reporting agencies. The breach, which took place from mid-May through July, affects 143 million Americans and over 8 million New Yorkers. During the breach, hackers gained access to names, Social Security numbers, birthdates, addresses and, in some cases, driver’s license numbers and credit card numbers.

While most assume Equifax’s massive data breach is solely an issue for consumers, it’s important to consider that many small businesses’ credit activity is under the name of business owners. Therefore, businesses that use personal credit cards and/or maintain debt in the name of an individual are also at risk for cybersecurity and identity theft attacks.

How can I protect myself and/or my business?

The first step, according to the Federal Trade Commission, is finding out if your information was exposed to the hackers and – whether exposed or not – enrolling in a year of free credit monitoring and other services from Equifax’s cybersecurity support. Consumers and business owners, alike, should be cognizant about protecting their credit cards and bank accounts, and cautious about clicking any links that may be phishing attempts from the cybercriminals responsible for the breach. These recommendations should be distributed to all employees, as to avoid phishing incidents in the workplace.

The FTC also recommends affected individuals take the following steps:

  • Check your credit reports regularly
  • Consider placing a credit freeze on your files
  • Monitor accounts closely
  • Consider fraud alerts on accounts
  • File your taxes early – before cybercriminals have the opportunity to do so

What comes next?

In New York State, Governor Andrew Cuomo released regulations that subject credit reporting agencies, including Equifax, Experian and TransUnion, to the same rules as banks and insurances companies. This effort to protect consumers will require these companies “to register with the state’s Department of Financial Services, whose superintendent will have broad powers to deny or revoke their authorization to do business in the state, or to sue, if a company fails to comply or engages in prohibited practices deemed unfair, deceptive or predatory,” explains The New York Times. Companies that fail to comply would be barred from compiling consumer reports and collecting fees for their services.  The new regulations, which are expected to be adopted within 60 days, will require credit reporting agencies to register by February 1 annually.

Under these new regulations, credit reporting agencies will be required to comply with the cybersecurity regulations recently adopted by financial services providers, including implementation of programs for protecting consumer data, appointment of chief information security breaches and reporting of all security breaches to the regulator. Governor Cuomo hopes, and we expect, other states will soon follow suit to replicate the regulations across the nation.

Will this happen again?

The most recent Equifax breach was the second cybersecurity incident to impact the credit reporting agency in this year alone. Two months prior, during the 2016 tax season, Equifax experienced a separate and unrelated attack involving a payroll-related service. Cyberattacks of this magnitude are often highly sophisticated, and thus, hard to predict. As a consumer or small business owner, it’s critical to follow recommendations from the FTC, should a similar episode occur.

If your business manages confidential client information, it is crucial that your company has the best available cybersecurity insurance in order to avoid a debilitating situation. Speak to us about risk management solutions that can help protect your company from cyberattacks and help you to meet the protection requirements customers need.

Post a Comment

Your email address will not be published. Required fields are marked *

Related Posts

A New Cybersecurity Threat: Understanding Fileless Non-Malware Attacks

Fileless non-malware tactics are being used to stealthily infiltrate cybersecurity systems and many organizations aren’t equipped to detect or defeat these tactics. We discuss what businesses can do to combat fileless methods of attack and protect cyber assets.

Read More

Update to OSHA Electronic Recordkeeping Deadline

Under a final rule that was deemed effective on January 1, 2017, the Occupational Safety and Health Administration (OSHA) announced its intent to update employer requirements for injury and illness data recordkeeping through required electronic submissions.

Read More

New York State Employers Could See Savings with Workers’ Compensation Reforms

In April, the New York State Senate passed the 2017-18 state budget with focus on reducing inhibitive regulations on businesses and growing the economy through reforms to workers’ compensation. The final budget incorporates the most significant workers’ compensation reform the state has seen in a decade.

Read More