In the Rush to Blame, Companies Can Miss the Forest for the Trees
In the ongoing saga of the Equifax security breach, the latest news is that Equifax is placing the responsibility for the breach on a single employee, who allegedly failed to patch a security vulnerability in an unnamed piece of software used by Equifax. As reported by the New York Times, the United States Department of Homeland Security had been aware of the security issue and notified Equifax of it. Equifax claims that it notified its IT department, but that a single individual failed to communicate the information necessary to fix the software. On top of that, Equifax claims that its internal security software also failed to identify the vulnerability.
While for some it can be a relief to have an individual identified as responsible for one of the worst internet security breaches in history, the situation raises an interesting question: Can the security of millions of people’s most vital private information ever be entrusted to a single individual?
Internet security is a topic that has become more and more important to our daily lives. In practice, though, many people (and many companies) don’t yet understand just how important it is, nor do they understand that the complexities of security go beyond any single person, regardless of the systems they oversee. Sometimes, in the rush to earn a sense of justice, the greater questions within internet security are overlooked, which, instead of solving the problems, actually makes problems worse.
Internet Security Is a Team Effort and a Societal Effort
As the old saying goes, a chain is only as strong as the weakest link. When considering matters of internet security, companies must realize how important teamwork, corporate culture, and even culture-at-large are in protecting vital data that, in the wrong hands, could be used to cause great harm. Many of the worst breaches of private data are caused by communication issues, lack of information, or social manipulation, all of which are problems that can’t be fixed by a software update alone.
In order to build a robust environment in which to improve internet security practices, education should be embraced and imperfection should be accounted for. When Equifax claimed that a single person did not communicate the information necessary to prevent one of the worst breaches in history, it revealed a much greater problem: Equifax had built its internal internet security policies on the assumption that one person would never miscommunicate. In truth, even the world’s best make mistakes sometimes, more so when it comes to communication. When dealing with the private data of millions, no system should allow for a single mistake to hurt millions of innocent people.
One of the best ways to prevent a situation like the Equifax breach, even for companies of much smaller size than Equifax, is to ensure that education and accountability are included as important parts of your company’s internet security policies. Thinking about how things could have been different for Equifax, it’s easy to see that if other employees in its IT department had been educated on the vulnerability that was highlighted by the Department of Homeland Security, the fix would have been much less likely to fall through the cracks.
The above applies to other types of potential breaches in your company’s internet security setup. One of the best ways to prevent your employees from falling victim to email phishing, over-the-phone social engineering, or website impersonation is to ensure that they are well-educated on these types of potential vulnerabilities.
Beyond that, having multiple lines of defense and redundancies for your defenses is remarkably important. Consider having multiple employees check each day for critical system updates, and if you don’t have the talent on hand to keep your systems up to date, ensure that you bring someone on, ideally a team specializing in internet security.
As hackers and exploiters become emboldened by the slew of major corporate breaches, one of the greatest defenses we have against them is adopting a societal awareness of internet security best practices. The more education is spread, the safer each individual will become and the less likely major breaches like this are to happen. In addition, the greater the awareness of the dangers of sharing private information, the more careful consumers will be with their data and the more responsible companies will have to be in order to win consumer trust. Internet security has never been a solo effort, and that fact is now clearer than it has ever been. There is hope, however, in forgoing the urge to blame individuals and instead developing systems and environments that promote better internet security practices.
Do you want to learn more? Would you like to improve your website’s security by working with a team of experts? Come visit us at www.nixa.ca today, and speak with one of our skilled agents.