Collector - December 2017 - 22

ASSIGN SOMEONE TO KEEP UP WITH (AND IMPLEMENT!) PATCHES

"You need to create a
culture of compliance
and security to help
ensure the 'human error'
Equifax suffered doesn't
happen to you."


The Equifax breach happened in part because
a system patch for a known vulnerability
wasn't applied. You may wonder, "If Equifax's
225-person security team couldn't get this
done, what chance do I have?"

Actually, this is one of the easier tasks on
your security to-do list. First, draft a policy
that dictates who will keep track of the
software products you use, and make sure
that person is alerted to any related patches
or security announcements.

Michael Wright, chief security officer for
TECH Lock, said he recommends his clients
sign up to receive security notices from
the U.S. Computer Emergency Readiness
Team, which works in conjunction with the
Department of Homeland Security.

"In their bulletins they let people know
when these types of vulnerabilities appear,"
Wright said. "They give you the criticality
and tell you if there is a patch available."

Next, decide who will be responsible
for applying these fixes and within what
timeframe. Equifax's policy dictated that
patches should be applied within 48 hours of
notification, a noble goal, if followed.

Sarah Morris, managing editor at
KirkpatrickPrice, suggested agencies apply
the updates as soon as is practical, ideally
within 30 days of being notified.

"Most of the time attackers will go after a
known vulnerability, usually resulting from
a patch that was released that people failed
to update," she said. "That is probably the
number one takeaway from the Equifax
breach and other major breaches."

And don't just drop this responsibility
in your IT director's lap and walk away;
someone on the executive level should be
knowledgeable about cybersecurity too.
Admittedly, this can be a tall order for a
small business.

"If you are a small agency with 45
collectors, you might have one server and
your IT guy is your nephew who comes in
part time," Wright acknowledged. "In a case
like that, you're not going to have the option
to even have a chief security officer because
you won't be able to afford it."

The solution? Hire a data security
professional to come in regularly (once
a year, or even once every other year) to
assess your security and update you on any
potential threats.

PUT SOME THOUGHT INTO YOUR PASSWORDS

Internationally, Equifax also had other
problems this year. A third-party security
firm found that one of Equifax's employee
portals in Argentina used the same basic
username and password, "admin,"
which made it simple for hackers to gain
access to the data.

While this misstep was not related to
the U.S. breach, it does underscore the
importance of secure passwords. A recent
Verizon report found that 81 percent of
hacking-related breaches were the result of
stolen or weak passwords.

In addition to "admin," here are a few
other easily crackable but unfortunately
common passwords to avoid:

* 123456
* password
* login
* welcome

Use a unique password for each piece
of software in the company and make it
as strong as possible: use numbers, capital
letters and special characters.

Make sure employees are not
writing passwords on sticky notes and
posting them at their desks. Password
management applications can help you
keep track of everything.

IMPLEMENT LAYERED SECURITY CONTROLS

Equifax's former CEO Richard Smith
told Congress that its breach was
the result of "both human error
and technology failures." Not only
did Equifax's security team fail to
implement a critical software patch,
but its information security scans also
failed to identify any systems that were
compromised by the vulnerability.
This illustrates the importance of having
layered security controls, which Morris said is
