The U.S. House of Representatives Committee on Oversight and Government Reform published a report on the Equifax data breach, and in this report, there is an important lesson for all MSPs.
One of the main points of the report is the committee’s belief that Equifax failed to “implement an adequate security program to protect this sensitive data.” This is a powerful indictment of an IT department and one that should resonate with all MSPs.
I am not suggesting that MSPs were at fault in the Equifax hack. I don’t know if Equifax even has an MSP. The point, however, is that there is another very high profile data breach which is gathering the attention of a lot of people around the world, specifically the United States Congress.
What Caused the Equifax Breach?
The focus of the congressional committee seems to be on the roles of the CIO and CISO within the organization. Specifically, the conclusion was that the “the IT and Security organizations were siloed, meaning information rarely flowed from one group to the other … Communication and coordination between these groups was often inconsistent and ineffective at Equifax.”
Legislators love to find fault with easily fixable problems and Equifax has presented yet another example of IT mismanagement.
Government Regulation of Data
As we’ve written about many times before, data breaches are going to be the path towards regulation of IT if we don’t pay attention and take IT security more seriously. IT hacks which are preventable are very easy pickings for legislators who want any reason to intrude any a market and regulate it.
The ultimate conclusion of this story has not yet been written. But, the lesson for MSPs is to take these very easy examples and use it to talk to your clients about preventing easy to prevent breaches. If your client won’t do something, maybe it’s time to think about whether that client is worth risk. After all, no MSP wants to have an Equifax as a client.