What we can learn from the Equifax leak

Bob Milliken

Bad news, my identity was stolen in the recent Equifax heist along with over 8,000 other Canadians (CBC Oct 02). Was yours one of them?

No business owner wants their customers’ data leaked, but no matter how good your prevention plan is, the unexpected can happen. And when it does, how well you respond will determine the fate of your business. Before you start planning an incident response, read the following story and recite this: Don’t walk in the footsteps of Equifax.

What happened to Equifax?

Equifax, the huge American credit agency, announced in September 2017 that its database was hacked, resulting in a leak of tons of consumers’ private data, including names, social security numbers, addresses, birthdates, and credit card and driver’s license numbers.

Are you affected? Watch your mail, as Equifax will be sending written notices by mail to all of the potentially affected Canadian citizens.

What did Equifax do wrong?

One of the huge mistakes Equifax made in responding to its data breach was setting up a new website to provide updated information to its consumers outside of its main domain, equifax.com.

Why? You first need to know that since the invention of phishing scams, phishers have been creating fake versions of big companies’ websites. That’s why so many major corporations buy domains that are the common misspellings of their real domains. Keep the information page within your company’s main domain to assure your customers that the new page is legitimate.

What’s obvious from this embarrassing misstep is that Equifax had never planned for a data leak. And this is an unforgivable oversight by a company that handles the information of over 800 million consumers and more than 88 million businesses worldwide.

Don’t repeat Equifax’s mistake

Whether your business is a small startup or as big as Equifax, it needs to prepare for a data breach. In addition to having comprehensive network defense, you also need to have the right incident response plan in place.

Once you’ve discovered a data leak, your first step should be to notify your customers and tell them:

  • How the leak occurred
  • How the leak could affect them
  • How you will prevent future attacks
  • What your company will do to support anyone affected

You should also create a web page to keep your customers up to date. But remember, the new web page should be under your company’s primary domain name.
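One way to enforce that rule before a breach notice goes out is to check every link in the draft against the primary domain. The following is an added example, not part of the original post: the function names and the sample links are constructed for illustration, and the HTTPS requirement is an assumption of the example.

```python
from urllib.parse import urlsplit

PRIMARY_DOMAIN = "equifax.com"  # the main domain named in the article


def is_under_primary_domain(url, primary=PRIMARY_DOMAIN):
    """Return True only if url is HTTPS and its host is `primary` or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return False
    # Requiring HTTPS is an assumption of this example, not a point from the article.
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".").lower()
    primary = primary.rstrip(".").lower()
    # The leading dot matters: without it "evilcorp.example" would pass
    # a plain suffix test against "corp.example".
    return host == primary or host.endswith("." + primary)


def off_domain_links(urls, primary=PRIMARY_DOMAIN):
    """Return the links that would send customers outside the primary domain."""
    return [u for u in urls if not is_under_primary_domain(u, primary)]


# Constructed sample links for a draft breach notice (not real sites).
DRAFT_NOTICE_LINKS = [
    "https://www.equifax.com/breach-update",       # subdomain of the primary domain
    "https://equifax.com/breach-update",           # the primary domain itself
    "https://equifax-breach-update.example/",      # separate domain that only contains the brand name
    "https://equifax.com.breach-update.example/",  # brand used as a subdomain label of another domain
    "https://equifax.com@breach-update.example/",  # brand in the userinfo part, real host follows "@"
    "http://www.equifax.com/breach-update",        # right host, but not HTTPS
]

if __name__ == "__main__":
    for link in off_domain_links(DRAFT_NOTICE_LINKS):
        print("not under", PRIMARY_DOMAIN + ":", link)
```

Running the check over notice templates, emails and press releases as part of the incident response plan catches an off-domain link before customers ever see it.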

Your Take Away

As we’ve seen from Equifax, an incident response plan that’s robust is a must. Feel free to talk to our experts about how you can build one for your company that will keep your company’s reputation intact. Call us at 604.270.1730 and we’ll be happy to work with you.

Bob Milliken is the TheITguy@CascadiaSystemsGroup.com specializing in helping businesses with their IT needs. Their mission is to provide IT strategies, service and support that create raving fans and build long-term, lasting relationships.