exit-popup-close
We can write it better! Just try!

Choose your writer among 300 professionals!

close

Policies, Accusations And Procedures Appearing To Have Been Lacking At Equifax

Download PDF

One key policy that stood out clearly missing at Equifax incidence was lack of a crisis management plan in place. When Equifax finally came out to speak to the public, they decide to put a website in place for consumers to check for themselves if they were victims of the security breach. The website was quickly labeled sub-standard by Internet experts and not secure as it was not hosted on a domain name that reflects their name and also it run on Word-press which is not considered the right choice to run security tight applications. This showed that there were no policies and procedures to help the administrators at Equifax to understand how to prevent, identify and mostly deal with security incidences of this magnitude.

Essay due? We'll write it for you!

- any subject

- min. 3-hour delivery

- pay if satisfied

Get your price

Another key aspect that did not come out well was communication and transparency. As a manager or director of a company, you need to be open, honest and timely when it comes communicating company affairs. After the incidence happened, it took a long period whilst deciding what measures to take. During this period, Equifax did not disclose any information to its consumers on whether their information was compromised.

Lack of competence on line of duty contributed a large percentage on the incidence. It was reported that an individual on the technology department failed to heed security warning and did not ensure timely upgrade and implementation of the underlying software that would have prevented this incidence. It is also questionable on how an organization with so much at stake, millions of sensitive information mandated to safeguard it would allow that much information to be disclosed unnoticed.

One important procedure that a company should have is a process on how to handle a situation in a way that limits damages and reduces recovery time in event of a security breach. This is called an incidence response. Equifax took longer even to communicate to it consumers. One reason as to why they took long maybe was lack of incidence response team. At all times, there should be a response team that is mandated to respond to any emergency incidence such as this.

Lack of continuous checks on security vulnerability of their software would have meant that a lot of untold security breaches might have been happening before the date of the incidence. When the experts initiated the investigations, much damage might have been discovered and the management at Equifax could not do anything else than cover up the damage. With such huge information and trust at stake, find a calming and assuring message within a short period of time to deliver would have proved difficulty not mentioning fielding press enquirers. Considering the huge amount of data that they were handling, much more time would prove to be required to determine the scope breach.

Did the company lack competent information technology workers or could it be they did not have forensic skills to determine what happened or even capture the intruder? How could this have been avoided Have an incidence response team in place at all times. Having a breach response team helps in triggering quick response hence helping in reduction of harm. Performing regularly software updates and patches is very important, had the “individual” at Equifax’s technology department heeded security warnings and implementation of software fixes, that breach would not have happened.

Days after the intrusion was detected, Equifax offered a website for consumers to find out if they were victims of the breach. Experts noticed that the website had unprofessional traits one of them being hosted on a different domain name other than than equifax.com. Unauthorized party would have used the opportunity to develop such a website and use it to collect much more sensitive information and direct it to other Phishing sites worsening the situaton. A sub domain of equifax.com would have been used instead.

Reference

1. AccountingWeb https://www.accountingweb.co.uk/tech/tech-pulse/cyber-security-what-to-do-in-the-event-of-a-data-breach

2. The New York Times https://www.nytimes.com/2017/10/03/business/equifax-congress-data-breach.html

3. Wikipendia https://en.wikipedia.org/wiki/Equifax#Security_failings

4. Australian Govenment Business https://www.business.gov.au/Info/Run/Cyber-Security/Prepare-a-cyber-security-incident-response-management-plan

5. Csoonline https://www.csoonline.com/article/3025807/data-protection/why-patching-is-still-a-problem-and-how-to-fix-it.html

Disclaimer: This essay has been submitted by a student. This is not an example of the work written by our professional essay writers. You can order our professional work here.

paper Download essay
72 writers online and ready to help you with your essay
close

Sorry, copying is not allowed on our website. If you’d like this or any other sample, we’ll happily email it to you.

By clicking “Send”, you agree to our Terms of service and Privacy statement. We will occasionally send you account related emails.

close

Thanks!

Your essay sample has been sent.

Want us to write one just for you? We can custom edit this essay into an original, 100% plagiarism free essay.

thanks-icon Order now

More Essay Samples on Topic

Eduzaurus.com uses cookies to offer you the best service possible.By continuing we’ll assume you board with our cookie policy.

Do not miss your deadline waiting for inspiration! Our writers will handle essay of any difficulty in no time. Want to get a custom essay from scratch?
Do not miss your deadline waiting for inspiration! Our writers will handle essay of any difficulty in no time. Want to get a custom essay from scratch?
Do not miss your deadline waiting for inspiration! Our writers will handle essay of any difficulty in no time. Want to get a custom essay from scratch?