Equifax—one of the "Big Three" credit reporting agencies—announced on September 7th that it fell victim to an enormous data breach, which exposed the private data of about 143 million Americans. Apparently, they allowed room for the breach to happen because they failed to patch a known vulnerability.
The worst part of the breach wasn't that there was a massive exposure of personal data. No, the most depressing part of this ordeal was that worried customers who followed Equifax's instructions encountered a website with serious security issues.
The website Equifax set up as a response to the breach, equifaxsecurity2017.com, was made for customers to find out if they were affected by the breach. Here's why this wasn't a great idea:
It's usually during the aftermath of a breach that hackers thrive. Customers start panicking, so hackers try to benefit from this panic by stealing customer data. Had Equifax adopted any one the following approaches for constructing their breach response website, the breach's aftermath would have been much less chaotic.
Many enterprises also fail to recognize and remedy the following parameters:
Today, websites tend to serve as the primary interface between an organization and its customers. Enterprises should take sole responsibility for keeping their website intact and secure. SSL certificate management solutions such as Key Manager Plus help organizations secure their domains with SSL certificates, identify vulnerabilities associated with their websites, and track certificate expiration with ease.
Click here to learn more about how Key Manager Plus can provide you with much need security and information about your website.
Key Manager Plus is integrated with ManageEngine’s Password Manager Pro, to provide unified privileged identity management platform.
ManageEngine’s Key Manager Plus enables us to stay on top of SSL certificates for all of our websites. With Key Manager Plus, we’re able to monitor which certificates are nearing expiration and roll out new certificates in a timely manner.Ken Odibe Senior cloud infrastructure consultant, Sapphire systems.