Whether large or small, there are a few things that need to be implemented when a business experiences a breach:
1. Unlike Equifax, notify customers/clients immediately. Even if all the facts are not known. The law states that unless law enforcement specifically says not to, businesses are under obligation to notify any customers/clients whose information has been compromised. Cybersecurity experts say the sooner the better.
2. Customers/Clients must be informed of what was compromised, i.e. Name. Social Security number, Driver’s license number, birth date, etc. Whatever was taken needs to be revealed.
3. Explain what is being done about the breach.
4. Outline how people can contact the owner or representatives with questions about the breach. Will there be an 800 number, a special web site? Equifax has set up a website to check if someone’s information is in jeopardy, www.equifaxsecurity2017.com Once there, click the Potential Impact tab. Put in last name and the last six digits of the social security number to check. This has proven to be problematic in that people have been putting in information like Bunny as the last name and 123456 as the last six and getting an answer. That combination of information shouldn’t reveal anything. Note: the language stating that by entering information the user waives their right to sue Equifax has been removed.
5. Explain how the breach occurred.
6. List recommendations of what customers/clients can do.
7. To be helpful, include the contact information for each of the credit monitoring agencies. Kind of a strange item when one of those credit monitoring agencies is now the problem.
With 143 million, that’s 44% of the American population, records compromised, this should be a wake-up call for all of us. Yes, Equifax is big, but big means that if they are vulnerable than so is everyone else. Again, thieves don’t discriminate, they go wherever they can from the comfort of their couch and that couch can be anywhere in the world. A business is not safe because it is small. Business owners need a plan. They need to think through what they would do. Public trust and the integrity of the business is at stake. A breach is like any other emergency and it should be treated as such. Be prepared because in an emergency it’s difficult to find the clarity we need to act in the best interests of our customers/clients and our business.
Lori Lawson is an ID Shield specialist and LegalShield Director. Her company, New Line Associates is located here in Oceanside and she has been a Chamber member for over ten years. Visit their website at newlineassociates.com. Email her at lori@newlineassociates.com for a free, no obligation consultation.