Want create site? Find Free WordPress Themes and plugins.

Written by: Charles Weaver – CEO, MSPAlliance

For years MSPAlliance has been advocating for MSPs to become more diligent in their enforcement of proactive and secure IT management policies. I have even gone as far as to suggest that legal liability could begin to attach itself to bad IT management practices. Well, the theoretical is now a reality.

Shareholders of Equifax have sued the company for substandard IT management practices, which are alleged to have caused the massive data breach announced in 2017.

The Equifax breach has already prompted a $425 million fine from the FTC.

What Went Wrong?

Besides the data breach, which was the apparent manifestation of the problem, there was an apparent technical problem that could have prevented the breach in the first place.

When hackers take extraordinary actions to circumvent IT security, there is not a lot that can be done to stop these types of breaches from happening. However, when it is such a glaring hole in the security or IT process of the company, then scrutiny will follow. And, that is precisely what is happening here.

“Equifax employed the username ‘admin’ and the password ‘admin’ to protect a portal used to manage credit disputes, a password that ‘is a surefire way to get hacked,’” the lawsuit reads.

“Equifax’s cybersecurity was dangerously deficient,” the court said. “The company relied on a single individual to manually implement its patching process across its entire network.”

MSPAlliance Analysis

So, what does all this mean for MSPs? Well, if you happen to be an MSP Verified company, you probably don’t have much to worry about. You are already addressing those critical issues Equifax missed.

1) Effective password management
2) Limited use of administrator access accounts
3) Oversight of internal patch management processes

What this means for everyday MSPs is to be on your guard! Equifax is getting attention because of the size and breadth of the data breach. But, make no mistake that the shareholders suing for harm to their stock values is going to resonate. Do not be surprised if we start to see lawsuits challenging end-user IT policies.

This raises several issues related to the precise role of the MSP, whether they offered a service that was declined, whether best practices were followed, etc. My point in writing this article is twofold; first, here is a major lawsuit involving a large company dealing with what is an IT service process. Second, I hope MSPs take this to heart and begin talking with their customers about how to avoid being involved in lawsuits. Especially lawsuits which could have been prevented had they only listened to their MSP!

Did you find apk for android? You can find new Free Android Games and apps.
Tags : data breach,Equifax,lawsuit,MSPs,proactive IT management
  • Tom
    Posted at 04:32h, 14 January Reply

    I agree with this article except in the end regarding listening to their MSP. There are many MSPs that don’t even listen to their employees when warned about security risks. MSP owners think they know security and don’t have a clue

Post A Comment

Have questions?

We're here to help! Fill out the form below and we will get back to you as soon as possible.

Contact us

Address:

100 Europa Drive, Suite 569 | Chapel Hill, NC 27517

Phone:

1-800-672-9205

Email:

info@MSPAlliance.com

Sign Up For Our Newsletter


By submitting this form, you are consenting to receive marketing emails from: MSPAlliance, 100 Europa Drive, Chapel Hill, NC, 27517, http://www.mspalliance.com. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact