Data Breaches and the Need for Better Mass Notification Systems
An unseen war rages over our heads in the form of cyber-attacks that can affect the lives of ordinary people in devastating ways. While the hackers of the past were largely considered scattered members of a subculture of pranksters and nuisances, we are now seeing more coordinated attacks from several sources. These attacks have crippled businesses and exposed the private information of millions of citizens.
In addition to their ongoing nuclear threats, North Korea has emerged as one of the most active alleged combatants in this new generation of digital warfare. This year’s release of the WannaCry ransomware attack is widely believed to be the work of North Korean government agencies.
North Korea’s continued collaboration with Russia (another major source of cyber-attacks against US interests) has recently resulted in a gifting of expanded internet capabilities that could easily be utilized for future campaigns.
Who Watches Out for the Watchers?
On September 7, 2017, Equifax announced it had experienced a security breach that exposed nearly 44% of the US population’s private, personal information. With the company’s vital position to determine the ebb and flow of economic activity for the entire country through their credit grading systems, the ongoing damage may take years to even diagnose.
Questions still remain about how this massive breach could have happened. But any explanation would most likely not give anxious consumers peace of mind that their identities and Social Security information hadn’t been compromised.
In addition to the giant, Equifax, VeriFone was also targeted this year by a cyber-attack of unknown origin. This targeted the company’s credit card processing networks and prompted a company-wide lockdown of all networked materials.
Also this year, and equally disquieting, was the breach experienced by those using the FAFSA (Free Application for Federal Student Aid) program to secure loans and grants for tuition. This breach resulted in up to 100,000 people having their confidential information compromised in an identity theft scheme.
Mass Notifications to Lessen the Impact
Part of the controversy surrounding the massive data breach at Equifax was how the company responded to it. Apparently, the breach itself took place quite some time prior to it being made public. Had the company prioritized notifying consumers, much of the potential damage could have been mitigated by consumer-level credit freezes and other actions.
The State of Massachusetts gives clear and concise guidelines and procedures for businesses to follow in the event of a consumer-impacting data breach. An important aspect of these procedures is employing timely mass notifications to alert consumers that their information is at risk. By doing so, consumers have the opportunity to change passwords, PIN numbers or engage in any number of contingency plans before their leaked information can be used for nefarious purposes.
This guidance from the State of Massachusetts provides a good example of how other states can play an active role in assisting both businesses and their clients to better offset potential damage from a large-scale data breach.
We at Regroup would like to see more states take an active role in assisting both businesses and their clients to better offset the potential damage a large-scale data breach can create.
To learn more about Regroup and how our expertise in the field of mass notification can help your organization prepare for potential cyber-attacks, give us a call at 1-855-REGROUP or drop us a line here.