Collector - December 2017 - 25

If one of these tests reveals an issue, make
sure someone on staff is assigned to correct
the problem-and follow-up to make sure
the system is truly secure.

CREATE A BREACH
RESPONSE PLAN
The way things are going today, it seems
inevitable that at some point, your company
will suffer a breach. When you do, you'll
need to have a solid response plan in place.
Equifax sat on news of its hack for months
before it alerted the public, in part because
it was under no federal legal obligation to
make a quicker announcement.
As a May 2016 Collector magazine article
reported, there is not one federal standard
that dictates how and when you should
notify consumers after a data breach.
But the majority of U.S. states do have
notification requirements when personal
information is compromised, and you will
be expected to follow each law that applies
to your business.
Equifax, it should be noted, is based
in Georgia, which does not specify a
consumer notification timeline for a data
breach. Instead, the law requires companies
to simply alert consumers "in the most
expedient time possible."
Think carefully about how you would
notify consumers-and clients-of a
breach. Delaying the inevitable won't
endear you to them and may magnify your
public relations issues.
And as Equifax learned, even when you
try to do the right thing, like setting up a
website where people can go to find out
if their information was compromised,
when you're working in a rush, details can
get missed.
Among other post-breach missteps,
Equifax's Twitter account directed consumers
to the wrong remediation website for
weeks- www.securityequifax2017.com rather
than www.equifaxsecurity2017.com-not to
mention the fact that the actual site contained
confusing and conflicting information.
And while the company had set up call
centers to address consumers' concerns, they
were overwhelmed by the volume of calls

COLLECTOR 12.17

received and were forced to hire and train
2,000 more reps in just a few weeks.
Sure, Equifax is a bit of a different beast
than your average collection agency-which
doesn't count the entire U.S. population in
its customer base-but there are still some
important lessons to be learned from the
consumer reporting agency's experience.
"You'd be surprised by how many
companies don't have a good breach
response plan," Wright said. "And when
companies do have these plans, usually what
happens is someone Google searched 'breach
response plan template' and then spent five
minutes customizing it for their company,
put it on a file share and forgot about it."
Your plan needs to be tailored to your
operations, clients and consumer base. It's
helpful to involve all facets of the company
in its development-not just IT or a
system administrator.
"If you think about it, detecting an
actual breach is an IT thing, but the
notification part is going to involve your
legal, client relations and operations teams
too," Wright said.
Hold a cybersecurity drill to identify any
gaps or missed steps, and then make sure
someone at the executive level approves the
final response plan.

DATA SECURITY EFFORTS ARE
NEVER DONE
Meeting data security expectations is like
climbing an endless escalator as bowling
balls bounce down toward you-you have
to continuously keep moving forward,
dodging the risks as best you can.
While nobody can guarantee complete
protection from a data breach, having a
culture of awareness and encouraging
conversations about data security are
important pieces of the puzzle.
"The landscape is constantly changing,"
Morris said. "There's always a new attack or
risk. The important thing is to be aware of it
and be prepared to learn something new as a
method of defense for your own company."
Anne Rosso May is editor of Collector
magazine.

KEYNOTES

1

Assign someone to be
responsible for applying
software patches within a
prompt-but reasonable-
timeframe.

2

Use a unique password
for each piece of
software in the company
and make it as strong as
possible.

3

Implement layered
security controls to put
several different obstacles
in front of potential hackers,
including firewalls, antivirus software, multifactor
authentication and
encryption.
25


http://www.securityequifax2017.com http://www.equifaxsecurity2017.com-not

Table of Contents for the Digital Edition of Collector - December 2017

President’s Page
Industry News
Best Practices
FYI
Collection Tips
Stronger Together
Taking a Layered Approach
Lines of Communication
Calendar
Honor Roll
Collective Intelligence
CFPB Issues Final Rule for Small Dollar Lending Market
Ask the Experts: Training Advice
Court Rules Voicemail is a “Communication" and Disclosing Name of Collection Agency Provides “Meaningful Disclosure” Under FDCPA
Compliance
ACA SearchPoint
Last Word
Collector - December 2017 - Cover1
Collector - December 2017 - Cover2
Collector - December 2017 - 1
Collector - December 2017 - 2
Collector - December 2017 - President’s Page
Collector - December 2017 - Industry News
Collector - December 2017 - 5
Collector - December 2017 - 6
Collector - December 2017 - 7
Collector - December 2017 - Best Practices
Collector - December 2017 - 9
Collector - December 2017 - FYI
Collector - December 2017 - 11
Collector - December 2017 - Collection Tips
Collector - December 2017 - 13
Collector - December 2017 - Stronger Together
Collector - December 2017 - 15
Collector - December 2017 - 16
Collector - December 2017 - 17
Collector - December 2017 - 18
Collector - December 2017 - 19
Collector - December 2017 - Taking a Layered Approach
Collector - December 2017 - 21
Collector - December 2017 - 22
Collector - December 2017 - 23
Collector - December 2017 - 24
Collector - December 2017 - 25
Collector - December 2017 - Lines of Communication
Collector - December 2017 - 27
Collector - December 2017 - 28
Collector - December 2017 - 29
Collector - December 2017 - 30
Collector - December 2017 - 31
Collector - December 2017 - 32
Collector - December 2017 - 33
Collector - December 2017 - Calendar
Collector - December 2017 - Honor Roll
Collector - December 2017 - Collective Intelligence
Collector - December 2017 - 37
Collector - December 2017 - CFPB Issues Final Rule for Small Dollar Lending Market
Collector - December 2017 - 39
Collector - December 2017 - Ask the Experts: Training Advice
Collector - December 2017 - 41
Collector - December 2017 - Court Rules Voicemail is a “Communication" and Disclosing Name of Collection Agency Provides “Meaningful Disclosure” Under FDCPA
Collector - December 2017 - 43
Collector - December 2017 - Compliance
Collector - December 2017 - 45
Collector - December 2017 - ACA SearchPoint
Collector - December 2017 - 47
Collector - December 2017 - Last Word
Collector - December 2017 - Cover3
Collector - December 2017 - Cover4
http://online.collector.com/collectormagazine/202010
http://online.collector.com/collectormagazine/202009
http://online.collector.com/collectormagazine/202008
http://online.collector.com/collectormagazine/202007
http://online.collector.com/collectormagazine/202006
http://online.collector.com/collectormagazine/202005
http://online.collector.com/collectormagazine/202004
http://online.collector.com/collectormagazine/202003
http://online.collector.com/collectormagazine/202002
http://online.collector.com/collectormagazine/202001
http://online.collector.com/collectormagazine/201912
http://online.collector.com/collectormagazine/201911
http://online.collector.com/collectormagazine/201910/
http://online.collector.com/collectormagazine/201909/
http://online.collector.com/collectormagazine/201908/
http://online.collector.com/collectormagazine/201907/
http://online.collector.com/collectormagazine/201906/
http://online.collector.com/collectormagazine/201905/
http://online.collector.com/collectormagazine/201904/
http://online.collector.com/collectormagazine/201903/
http://online.collector.com/collectormagazine/201902/
http://online.collector.com/collectormagazine/201901/
http://online.collector.com/collectormagazine/201812/
http://online.collector.com/collectormagazine/201811/
http://online.collector.com/collectormagazine/201810/
http://online.collector.com/collectormagazine/201809/
http://online.collector.com/collectormagazine/201808/
http://online.collector.com/collectormagazine/201807/
http://online.collector.com/collectormagazine/201806/
http://online.collector.com/collectormagazine/201805/
http://online.collector.com/collectormagazine/201804/
http://online.collector.com/collectormagazine/201803/
http://online.collector.com/collectormagazine/201802/
http://online.collector.com/collectormagazine/201801/
http://online.collector.com/collectormagazine/201712/
http://online.collector.com/collectormagazine/201711/
http://online.collector.com/collectormagazine/201710/
http://online.collector.com/collectormagazine/201709/
http://online.collector.com/collectormagazine/201708/
http://online.collector.com/collectormagazine/201707/
http://online.collector.com/collectormagazine/201706/
http://online.collector.com/collectormagazine/201705/
http://online.collector.com/collectormagazine/201704/
http://online.collector.com/collectormagazine/201703/
http://online.collector.com/collectormagazine/201702/
http://online.collector.com/collectormagazine/201701/
http://online.collector.com/collectormagazine/201612/
http://online.collector.com/collectormagazine/201611/
http://online.collector.com/collectormagazine/201610/
http://online.collector.com/collectormagazine/201609/
http://online.collector.com/collectormagazine/201608/
http://online.collector.com/collectormagazine/201607/
http://online.collector.com/collectormagazine/201606/
http://online.collector.com/collectormagazine/201605/
http://online.collector.com/collectormagazine/201604/
http://online.collector.com/collectormagazine/201603/
http://online.collector.com/collectormagazine/201602/
http://online.collector.com/collectormagazine/201601/
http://online.collector.com/collectormagazine/201512/
http://online.collector.com/collectormagazine/201511/
http://online.collector.com/collectormagazine/201510/
http://online.collector.com/collectormagazine/201509/
http://online.collector.com/collectormagazine/201508/
http://online.collector.com/collectormagazine/201507/
https://www.nxtbookmedia.com