Let me just say how underwhelmed I have been with Equifax’s sense of urgency (or lack thereof!) after the recent data breach of their network. In this day of network vulnerability, the huge business on the dark web and American’s increasing reliance on online activity – this breach was bound to happen. Maybe that’s what surprises and disappoints me so much about the credit agency’s ability to deal with the aftermath.
Yes, I tepidly checked in (should I really leave my social security number??) to see if I was possibly impacted. Like virtually everyone else in the country, I received the “yes, you are likely vulnerable” message that was also accompanied by the “but we’re too busy to contact you further so check back in 4 days”. Not only have I checked back only to not access any additional information, I received the following message 5 times over the past 48 hours as I have tried to freeze my credit status:
However, that continues to highlight for me the need for broadband providers to be able to protect their networks and to ensure that they are kept apprised of current threats. I am certain that they will have a better way of dealing with their consumers than Equifax has demonstrated to date. NTCA is hosting our second Cybersecurity Summit at the end of October and I sincerely don’t understand why we don’t have at least one person from every NTCA member company attending this meeting. What RLECs don’t know should scare them….a lot!
Here at NTCA, I had a meeting with some of my senior team leaders to review our own internal processes and procedures as well as prioritize mandatory staff training to be conducted or at least started by the end of the year. Our IT team is on top of it and has purchased and installed virus protection for all of our servers and laptops, hard drive encryption software for all of our laptops and pcs and is currently in the process of upgrading our network’s switches and firewalls to add an extra protection from outside attacks. Just like we encourage NTCA members to do, we are aligning ourselves with the NIST Cyber Security Framework as well as reviewing all vendor contracts to ensure up-to-date cyber security protection clauses are added, where possible.
A lot to be thinking about but I encourage everyone to learn more….these issues will only become more critical.