
Thycotic’s CyberSecurity Publication


Equifax: What you need to do right now

September 14th, 2017




The news of the mega breach at Equifax is significant not just because of the size of the breach, but because of the sensitivity of the information stolen, which enables cyber criminals to target their victims on multiple fronts, including but not limited to identity theft, financial fraud, and changing existing information or security controls on other sensitive accounts.

It is time to step up activity monitoring and enable additional security controls, which, to be honest, should at this point be mandatory and not optional.

Many technologies exist that help proactively protect digital identities. They help detect when new identities are created using your personal information or when someone tries to modify your existing identity. They also provide credit monitoring and check for abnormal financial activity. These services have existed for a long time, but it might be worth revisiting your current settings, increasing the sensitivity of the credit checking, and limiting your credit amount. If you have not done so already, enable multi-factor authentication on any accounts relating to sensitive information or financial access, including alerts when any settings are changed. One important measure is to check exactly which of your personal information was disclosed and how accurate it is. Sometimes the information may be older, so it is best to check how valid it still is. It is also important to understand that personal data is linked to security controls, so it is best to avoid using any of the stolen information as a security control in the future, for example when resetting passwords or changing account information.

It is time to be cautious and monitor your account activity for at least the next year, or this might be the time to make it a permanent check.

Some Recommendations:

  1. Monitor for Digital Identity Theft
  2. Monitor your Credit Activity
  3. Increase Security Sensitivity and maybe decrease your limits
  4. Be cautious of phishing scams that could be using the stolen data
  5. Enable Multi-Factor Authentication for sensitive accounts
  6. Check validity of stolen data

Now, with the news that this could impact up to 400,000 people in the UK as well, it is important that these recommendations are not limited to US citizens. It will also be interesting to see how this plays out under the existing data protection laws as well as the upcoming EU GDPR due in May 2018.


Joseph Carson

Joseph Carson has over 25 years' experience in enterprise security, is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies", and is a cyber security professional and ethical hacker. Joseph is a cyber security advisor to several governments, critical infrastructure, financial and transportation industries, speaking at conferences globally. Joseph serves as the Chief Security Scientist at Thycotic.
