Equifax is in for a tough journey, since there is no way for them to walk away unscathed from compromising the data of more than 100 million consumers. However, the way they handled the post-disaster process was a lesson in everything not to do after a data breach. They’ve made things more difficult than they needed to be, but they can correct their course if they manage to do a few important things.
Stop Messing Up Their Responses
Over the past few weeks, Equifax has sent consumers to phishing sites and malware-laden pages. People are already understandably upset at Equifax for compromising their data and putting them at risk of identity theft. The last thing they need the credit reporting agency to do is mess up the recovery resources.
Equifax needs competent emergency management personnel double-checking everything that goes out from the organization. They’ve made too many mistakes in an attempt to quell the massive public outcry that’s going on.
The company has most likely brought in additional staff to address the high call and support demand, but it’s obvious that things are in complete disarray there. With incorrect links and significant delays in responses, the customer experience is suffering during an already trying time. Equifax may be able to plug their security holes, but it’s unlikely that they’re going to win over consumers anytime soon.
Put a Cohesive Recovery Plan in Place
Equifax doesn’t appear to have a particularly strong recovery strategy in place. Given the high value of the data that they hold, you would think that they would have planned for this contingency. Sure, they may have expected an incident on a smaller scale, but with a plan the overall response would have been worked out before things went horribly wrong.
A plan won’t help them this time around, but getting one together will prove useful for the future.
Aggressively Look for More Security Holes
The credit reporting agency is going through a comedy of errors at this point, with more details coming to light about how the breach occurred, as well as previous security incidents at the company. Equifax needs to get aggressive about figuring out what the next attack could target.
External partners, penetration testing providers and other cybersecurity resources will be essential for locking down Equifax and stopping the tide of consumer distrust.
Overhaul Their Current Cybersecurity Practices
The recovery process should also include an in-depth examination of their current cybersecurity practices. The basics ended up being the part that was overlooked, and it’s hard to say what else they might be messing up.
If the problem ends up being the funding available for Equifax’s IT security, then an adjustment of the budget also needs to happen at the same time.
It’s too early to tell whether Equifax is actually capable of recovering from this massive cyberattack. TransUnion and Experian are all too happy to jump in and point out that they haven’t been breached, and there have been talks about decreasing the reliance on Social Security numbers as personal identifiers. The company needs to double-check everything they do, and ensure that a repeat is unlikely to happen.