By Brennen Schmidt
ALEUS Technology Group
and Allan Bonner
Troy Media columnist
Trust – like time – can’t be bought. It takes time to build and can be lost in an instant.
Most large organizations’ core values speak of trust. For some, trust is a prerequisite for success. All rely on trust whether they speak about it or not.
Look at Equifax Inc. A security breach resulted in the release of 145.5 million Americans’ private financial and personal information. About 100,000 Canadians were also initially thought to be affected; the number now sits at about 8,000.
Tens of thousands more people will probably be affected.
This threat to average people, at least one senior executive thus far and perhaps the company’s survival came down to a few lines of code on a server that few people knew about or cared about. Apparently, Equifax knew about the vulnerability two months before hackers grabbed the data. But Equifax didn’t fix the problem and now we all wait to see what impact this will have.
The technology podcast This Week in Tech (TWiT) noted the surge in Internet searchers right after the breach. People were asking “What is Equifax?”, “What is a credit reporting agency?” and “What is a credit score?”
Surely the company didn’t want to be famous in this way. It didn’t want a crisis to trigger interest in its services. It didn’t want people to question why they were keeping personal information and why they didn’t protect it – the trust issue. An organization’s biggest asset isn’t necessarily bricks, mortar, inventory and patents. It can also be reputation.
And threats don’t just involve locks, bolts, guards and doors.
We need to respect digital assets just as much as physical ones.
Those who sit at the board table and in executive offices need the right technical expertise. Senior leaders need the patience to understand what’s at stake and how to protect all assets.
Some organizations have chief digital officers (CDO) and chief transformation officers (CTO). These senior executives don’t just have technical know-how. They ask tough questions. They challenge assumptions. They are often thought of as a pain in the neck. They challenge complacency.
Strong organizations will embrace CDOs and CTOs – and vigilance. It will pay dividends.
Employees also need to be part of the process. Safety is every employee’s concern. Technology has an impact on everyone. An organization’s people affect technology and that technology can do damage around the world in seconds.
Passwords should be replaced periodically. But even the best passwords won’t stop an email-based phishing scam from wreaking havoc on a network. These scams exploit trust.
Let’s all take some lessons from Equifax:
- People and enterprises should use lengthy and complex passwords. This practice should be for new and existing devices, especially ones that come with a mundane default password (1234) used during setup.
- When it comes to email, ask yourself: Do I know the sender? Am I expecting this? Is it asking me to do something out of the ordinary? Does it have a short deadline?
- Google the kind of email you’ve received. There’s usually chatter about scams.
- Email the sender if you know that person and ask if the email is for real.
- Look up how to enable two-factor authentication. It requires the user to enter a random set of characters sent by text message or through a mobile app. It’s a small price to pay compared to the alternative.
- Run tests and simulations enterprise-wide. The more timely and realistic, the better. Spot the gaps. Fix them. Repeat.
- Be vigilant. Prioritize digital maintenance, including patching and upgrades. It’s like a ship with a break in its hull. It will sink. Make necessary repairs.
Our grandmothers advised that “an ounce of prevention is worth a pound of cure.” That was true long before computers and is still true.
Brennen Schmidt (BEd, Certiftied PR, CUA) is principal of the ALEUS Technology Group, a boutique digital communications firm in Regina. Troy Media columnist Dr. Allan Bonner, MSc, DBA, is a crisis manager based in Toronto. His forthcoming book is Cyber City Safe.
The views, opinions and positions expressed by columnists and contributors are the author’s alone. They do not inherently or expressly reflect the views, opinions and/or positions of our publication.