While we all know about the Equifax breach last year that compromised the data of almost 150 million people and businesses, until today we did not know about the Equifax hack two years earlier.
In the earlier hack, former employees – actually Chinese spies – stole thousands of pages of documents including plans for new products, human resource files, manuals and other information.
Equifax went to the FBI and even the CIA, but did not publicly admit the problem.
That is because there is no law that requires them to disclose the theft of intellectual property although investors may disagree and sue them now that they know.
Equifax later found out that the Chinese had asked 8 companies to help them build a national credit reporting system.
I am sure that is just a coincidence.
So what do you as a business owner need to do?
The first thing is to understand that the theft of intellectual property dwarfs credit card theft and the best we can do is guess at the magnitude because most of it is not reported.
While hackers can break into your company, it is much easier for employees to walk the data out the front door. That problem is so bad that defense contractors and financial firms are required by law to have insider threat programs. Understand what a competitor inside the US or internationally might be interested in.
Implement employee training programs to make sure that employees do not contribute to the problem.
While the insider attack is one part of the problem, the outsider problem is just as big a problem. To protect against this, you need to implement a full cyber security program – hardening servers, patches, access controls, firewall rules, etc.
This needs to be part of a formal, documented program.
The most important thing to understand is that it doesn’t always happen to “the other guy”. Most attacks are attacks of opportunity and small and medium businesses are disproportionately affected – likely because they do not have the sophisticated IT controls and staff that big companies have.
You have two choices –
React when an event happens.
I can tell you from experience, preparation is way better.
Information for this post came from Slashdot.