What can we learn about cyber-security from Equifax?

If you haven’t heard the particulars on the Equifax debacle, let me fill you in. There is a lesson to be learned for every business or institution possessing sensitive information.

You may remember that the credit agency had a very serious hack in May or June of 2017. This hack affected over 143 million Americans and was first discovered by Equifax on July 29. It was early September before the company revealed this data breach, one of the worst ever, to its customers.

Here’s where things get really phishy (sorry, couldn’t resist the pun).

Equifax created equifaxsecurity2017.com, a website designed to address customer questions and concerns over the breach. Nick Sweeting, a software engineer, quickly saw a flaw and exploited it. He created an imitation site that looked nearly identical sans one detail (which we’ll get to in a little bit). This was easily accomplished with the help of a Linux command that enables one to download the contents and copy a website.

Wait. It gets much worse. Posts from Equifax’s twitter account directed people to Sweeting’s version of the site instead of the real one. The look of the site was nearly identical to that of the Equifax page with an identical prompt to enroll for complementary protection.

Fortunately, Sweeting’s page included one addition, a headline pointing out that Equifax used a domain that was easily impersonated. Eventually, the site was blacklisted. However, there were reportedly over 200,000 hits to the fake Equifax landing page before this action was taken.

Where Did Equifax’s Cyber Security Measures Go So Wrong?

The sad truth is that Equifax made a beginner’s mistake. When Equifax created their website, they did not use a sub domain but rather an entirely different URl. This makes their website very easy to impersonate. Only Equifax has access to an equifax.com subdomain. Had they used a subdomain such as security.equifax.com for example, visitors would have easily been able to determine the legitimacy of the web address.

The fact that his could happen to a credit agency is amazing, given the current cyber security threats and trends. You see, this wasn’t only a case of lax cyber security protocol. It’s readily apparent that one part of the organization had no idea what the other part was doing. This sort of thing happens every day in small companies as well as large businesses such as Equifax. If no one entity is responsible for all facets of your internet presence, it opens up additional opportunities for exploitation.

Why Use a Multi-Disciplined IT Firm?

At Beacon, we take your security seriously. But it’s not only what we do. Professionals in IT, web design, social media and digital marketing come together to ensure your site’s safe so you can build your online business. When a single team oversees all of your online activity, one hand knows what the other is doing. These kinds of mistakes simply don’t happen.

Get a free website security assessment or contact us at 336.447.3473 with any questions regarding your businesses’ cyber security needs. I’d like to help you avoid the kind of mistakes that can take down an otherwise sound business such as Equifax.

By | 2017-11-16T12:49:58+00:00 October 12th, 2017|BITS News|0 Comments

It’s Finally Here! See the Birth…

After 8.5 hours of hard labor at M3 on St. Patrick’s Day, our newborn officially arrived at 3:20pm, weighing in at a hefty 4,621 pounds. Under trusted and constant care, Team M3 delivered a bright, healthy and colorful addition to the Beacon family.  We are so thankful for all the attention we are receiving for our carefully wrapped bundle of joy, which we’ve named “The BITS-Mobile”.

Beacon’s IT Services Division (“BITS”), which primarily serves the Triad area (Greensboro/Winston-Salem/High Point) has experienced fast growth over the last year. “The BITS-Mobile will not only provide transportation for our technical staff, but also transport equipment such as servers and desktops to our client sites when necessary,” says Mark Dirks, Beacon’s CEO.  “Since our BITS clients are mostly Triad-based, our marketing team recommended a more traditional ‘mobile’ marketing approach through vehicle graphics for local brand visibility.

Matthews Mobile Media (“M3”) has an incredible team and worked with our design team to produce a really creative and professional design. John Scaramuzzo, Beacon’s co-founder and COO, leads the newly dubbed “BITS” Division and is anticipating continued growth after seeing the client base double over the last 12 months.  “Although my team constantly monitors our clients’ technical infrastructure to maintain system health and deter technical problems, there are times when the staff needs to be on site for installations and to work on specific issues,” says Scaramuzzo.  “BITS is essentially an extension of our client’s organization and it’s important that we can be on-site within minutes.  So the BITS-Mobile is a welcome addition to the Team!”


Special Note from Matthews Mobile Media (M3): “Congratulations!  It’s a BITS mobile!!! We have been clients of Beacon for several years and have benefited from their expert team’s proactive service.  There is no doubt that the personal attention and dedication to client growth is a reflection of their mission.  What a privilege to be a part of the birth of their next generation by helping bring the BITS-Mobile to life.  To us, it is a natural fit because we specialize in mobile.  We help companies from all over express themselves through vehicle and environmental graphics.

We like to turn heads for our clients; that’s what we do! So helping to design, create, produce and apply that ‘outerwear’ for our Beacon’s newborn gives us an exceptional rush!  Who knew IT could be so sexy?  Well… we did ;)

Thank you, Beacon, for letting us outfit your newest addition!  All of us at Team M3 look forward to watching the BITS-Mobile grow up and have a little brother or sister very soon!

By | 2017-04-11T13:17:25+00:00 March 27th, 2017|BITS News|0 Comments

BITS Blog – A Technical Blog for the Non-Technical

Welcome to the Beacon IT Services (BITS) blog.  My name is Ryan Bowles, Account Executive for BITS. This blog is intended to be a resource for small/medium sized businesses to help better take control of their IT.  You will notice that my title does not include any words like Network, Systems, Engineer, or Administrator (even though we have plenty of people here that do!). Although I do consider myself an IT Professional, my expertise comes from understanding how IT relates to a business and what can be done to ensure that technology is an asset to a business and not a burden.  This blog won’t be about speeds, feeds, and technical specs (although we will sprinkle in some technical “how to” blogs by the above mentioned specialists from time to time).  Rather, the majority of posts here will be directed towards the small business owners and managers. The goal being to help you better understand technology and how it relates to your business by answering questions that most companies have (or should have) about what to do with their IT.  Ever wonder when you should upgrade your PCs? How about determining if you should replace your old server or move to the cloud?  What is a firewall and do I need one?  These are the types of questions I will be helping to answer.  So as we move forward please share this post and continue to check back to catch up on all the Tips, Tricks, and How To’s of small business technology.

BITS is an IT services company located in Greensboro NC, dedicated to helping our clients improve business productivity.  We do this by offering a range of IT services, leveraging a team of experts to proactively manage our clients IT and ensure that technology is a consistent and reliable asset to their business.

 

By | 2017-03-21T13:43:56+00:00 February 29th, 2016|Computer Related, BITS News, IT Services|0 Comments
Load More Posts