Policies, Accusations And Procedures Appearing To Have Been Lacking At Equifax

One key policy that was clearly missing in the Equifax incident was a crisis management plan. When Equifax finally came out to speak to the public, they decided to put a website in place for consumers to check for themselves whether they were victims of the security breach. The website was quickly labeled sub-standard and not secure by Internet experts, as it was not hosted on a domain name that reflects their name and it ran on WordPress, which is not considered the right choice for running security-tight applications. This showed that there were no policies and procedures to help the administrators at Equifax understand how to prevent, identify and, above all, deal with security incidents of this magnitude.

Another key aspect that did not come out well was communication and transparency. As a manager or director of a company, you need to be open, honest and timely when it comes to communicating company affairs. After the incident happened, the company took a long period deciding what measures to take. During this period, Equifax did not disclose any information to its consumers on whether their information was compromised.

Lack of competence in the line of duty contributed a large percentage to the incident. It was reported that an individual in the technology department failed to heed a security warning and did not ensure the timely upgrade and implementation of the underlying software that would have prevented this incident. It is also questionable how an organization with so much at stake, mandated to safeguard millions of pieces of sensitive information, would allow that much information to be disclosed unnoticed.

One important procedure that a company should have is a process for handling a security breach in a way that limits damage and reduces recovery time. This is called incident response. Equifax took a long time even to communicate to its consumers. One reason why they took so long may have been the lack of an incident response team. At all times, there should be a response team that is mandated to respond to any emergency incident such as this.

Lack of continuous checks on the security vulnerabilities of their software would have meant that a lot of untold security breaches might have been happening before the date of the incident. When the experts initiated the investigations, much damage might have been discovered and the management at Equifax could not do anything other than cover up the damage. With so much information and trust at stake, finding a calming and assuring message to deliver within a short period of time would have proved difficult, not to mention fielding press enquiries. Considering the huge amount of data that they were handling, much more time would have been required to determine the scope of the breach.

Did the company lack competent information technology workers, or could it be that they did not have the forensic skills to determine what happened or even capture the intruder?

How could this have been avoided? Have an incident response team in place at all times. Having a breach response team helps in triggering a quick response, hence helping to reduce harm. Performing regular software updates and patches is very important; had the “individual” at Equifax’s technology department heeded security warnings and implemented the software fixes, that breach would not have happened.

Days after the intrusion was detected, Equifax offered a website for consumers to find out if they were victims of the breach. Experts noticed that the website had unprofessional traits, one of them being that it was hosted on a different domain name other than. An unauthorized party would have used the opportunity to develop such a website and use it to collect much more sensitive information and direct it to other phishing sites, worsening the situation. A subdomain of would have been used instead.


