Equifax is one of the three largest credit reporting agencies in the nation. In September of 2017, the agency announced that it had experienced a massive data breach that had affected over 143 million users. This includes people in Canada and the United Kingdom. It was considered to be the worst corporate data breach ever recorded at the time. This breach taught businesses of all sizes some very important lessons, some of which will be discussed below.  

Size Does Not Equal Security

It is important to remember that just because a company is big does not mean they are immune to data breaches. In fact, it is typically quite the opposite. Most larger companies are more prone to attacks because of the enormous amounts of information and financial assets they possess. We live in an age where information is a hot commodity. Equifax is one of the big 3 credit agencies, which means, according to Murfreesboro Insurance, that data was compromised 143 million users. Some companies also simply fail to adequately invest in security measures and training.

Preparation is Critical

Equifax made a critical mistake in assuming that a simple IT and computer response would help them get through this incident. Planning and organizational intelligence have to be the primary focus to handle this type of incident. Implementing adequate controls always starts with proper planning and should be in the following order: Employees, processes, and technology.  

Standard Preventative and Detection Measures

It is important to take advantage of proven knowledge that is already available to implement programs to protect your customers and clients. In other words, don’t try to reinvent the wheel. In addition, it is important not to assume that a patch for a particular program has been successfully applied and tested. Take the extra steps to ensure that the patch is effective for your specific application.  

Know Your Public Response in Advance

When an incident happens, especially of this magnitude, your business must be prepared to address the public immediately. This will extend well beyond just a verbal announcement. Equifax created a new website to address the issue, but it was poorly planned and had numerous errors. This simply made a bad situation worse. This is why you will need to have a plan in place before an incident happens. According to Silicon Valley Law Group, you may want to review your state’s security laws to make sure that you are prepared to handle the situation correctly.
Every situation is different, so the one-size-fits-all approach will not work. In this situation, Equifax failed to think about how to leverage the various media platforms to get the message out and if they needed to go beyond just talking to the public. Another thing they failed to consider upfront was free identity protection.

Equifax has taught us that the size of a business does not make it safe and that cybersecurity should be a primary focus of businesses of all sizes. The agency made numerous errors to include poor planning and control measures, preparation, and botched public response. Even if your business is small, you should take the proper precautions to make sure your business and employees are protected from data breaches like this that are bound to happen at some point.