By Edward F. Davis

 

The breadth of the security breach at Equifax is inconceivable. This premier credit company lost over $2 billion in equity in 24 hours.  So far, we know that 143 million consumers have potentially lost vital, private information. Credit card numbers, Social Security numbers and dates of birth, the latter two being evergreen data, have all been compromised. Due to this disastrous breach, one of the largest on record, consumers need to supercharge the way they protect their assets.  This is a watershed moment.

Equifax clearly lacked a comprehensive plan. They waited four to six weeks before they announced the breach. This duck and cover response is unacceptable. They failed to notify the leadership of the company. They hastily set up a website that did not function properly. They salted the remediation efforts with a liability waiver for themselves. Equifax is now under investigation for insider trading. For a heretofore trusted, multi-billion-dollar corporation, this is complete negligence.

American corporations need to learn the lessons that public safety has learned in the last 20 years in the fight against terrorism; first, you need a plan. The Equifax scandal is further evidence that corporations today need to prepare for WHEN, not IF they will be breached. A good CEO will have a plan, train on the plan and practice the plan. They will have a micro site with functioning software ready to activate in case of a breach. They will have a public relations firm on retainer, focused on crisis management.  As part of the continuity of business plan, they will think about remediation of potential failures. They will develop standing operating procedures that reflect their integrity. They will anticipate crisis and prepare for it. Above all else, they will be transparent, for those who try to hide will lose the trust of the public and their stockholders.

 

Edward Davis, LLC manages crises prevention and response in both physical and cyber security spaces. To learn more, email us at mail@eddavisllc.com.

Let's Talk