The belated disclosure by Equifax of the exposure of significant personal information for tens of millions of Americans has been one of the top news stories for days now. We read and hear a lot of commentary on this latest hack or breach but most of what we hear is not helpful or inclined to make us feel angry or fearful about the breach without providing any resolution or certainty.
This event does not at all impact or involve your cybersecurity measures whether for your business or home. Instead this event represents a failure on the part of Equifax to address their vulnerabilities or take their responsibilities seriously with respect to data they have gathered and stored without your having much of anything to say about it. You might find it interesting that Equifax has spent millions of dollars lobbying for reduced liability relating to the operation of its business and any failure on its part to properly handle the vast amount of data it collects and makes available for credit decisions. Maybe it would have made more sense on spending those millions on making their defenses and protections of data more robust.
This event does, however, underscore the need for all businesses to take steps to secure sensitive data – whether the firm’s own information or that of customers or employees. Although your business may not present a big target to hackers, if you have an online presence, there may be someone taking a look at your business and perhaps attempting to do harm. Even though you may not have the treasure trove of information and data Equifax holds – and has failed to protect – you and your business most certainly do not want to find yourself in the position of having failed to provide that protection.
In the meantime, there is no certain way to protect yourself or your business from the Equifax breach. Locking your credit reports, initiating warnings or notifications of attempts to access your information and perhaps signing up for protection offered by a variety of vendors all may be helpful but none of these provide absolute protection. It seems interesting that Equifax did not have any plan in place to address a breach of their “security” – many other business are required by law to do so. But those businesses do not have the reach and potential negative impact that a failure like Equifax has. Shouldn’t we ask Congress why?