Four Lessons from the Equifax Data Breach

Equifax has been in the news lately, but for all the wrong reasons, given the massive cyber attack and data breach it suffered.  The breach may have affected up to 143 million Americans, which is nearly half of the US population.  Here are four lessons that every organization and its employees can learn from this:

  1. C-Suite Needs to Pay Attention – Really: Equifax’s CEO Richard F. Smith has been publicly apologizing – a lot – and that is not the position that any CEO wants to be in.  Surely, all the items were checked off at Equifax, and they thought they were secure. But cybersecurity is more complex, and requires a spotlight shining on it, rather than the C-Suite getting blanket assurances that they are covered.  Even if it was a bug or vulnerability that exposed Equifax’s data to a breach, why did it take Equifax over two months to uncover it?  The value of training people to have the right eye for cybersecurity awareness and issues should never be underestimated.  This requires attention from the C-Suite so that cybersecurity gets the attention that it merits.
  2. Cyber Attacks Have Reputational Cost: Aside from the immediate shock of exposure, cyber attacks also have a lasting hidden cost in that they affect consumer trust and weaken the brand.  Building trust in a company and associated brand takes years, and it all can go out the window in a matter of moments, so it’s important to look beyond the immediate cost of a cyber attack as well.
  3. Communication and Transparency Are Key: There have been media reports that the Equifax cyber breach was known to executives, and some even sold stock before going public with the announcement.  A cyber breach can happen to any organization, but how the organization goes about managing it, and how they communicate it, makes all the difference in the world.  Organizations big and small should integrate cybersecurity awareness training and communication into their DNA, and this will facilitate their effectiveness in dealing with a cyber breach.
  4. Consumers Beware Always: The Bureau of Justice Statistics reports that 17.6 million US residents experienced identity theft in 2014 alone.  That is a staggering number.  There is no single US agency or organization that can step in and help identity theft victims, so being vigilant against identity theft is incredibly important.  There are certain things individuals can do to ensure they are not victimized.  These include:
    • Periodically check your credit report: You are entitled to a single free credit report from each of the three main credit reporting agencies annually, which means you can pull a free credit report once every four months, if you stagger your inquiries between credit reporting agencies.
    • Freeze Your Credit: You can freeze your credit if you do not wish anyone to apply for credit under the guise of being you.  This will prevent you too from applying for credit (e.g., financing a new car or home), but the freeze can be lifted.  Freezing your credit needs to be done individually with all three credit bureaus, and there may be a fee of $3-$10 per bureau.
    • Place a 90-Day Fraud Alert: This is free and can be done with just one credit bureau, and they will communicate it to the other two bureaus.  The 90-Day Fraud Alert does expire, though, so you have to keep an eye on it, and decide on subsequent steps.