Lessons Learned from Equifax
Needless to say, Equifax has left a bad taste in many consumers’ mouths. With vague responses about what actually caused such a massive breach and limited solutions for how consumers can protect themselves, Equifax is facing an uphill battle to regain consumers’ trust. There are several lessons to be learned from Equifax’s mistake, and they will be invaluable for other businesses.
- There is not a choice between security and privacy.
Protecting consumers’ data should be every business’s #1 priority. We often hear security and privacy discussed as two separate issues, but in reality they go hand in hand. Better security leads to greater privacy protection for consumers whose data is collected by companies. Having a security plan isn’t enough on its own; you have to instill the importance of protecting sensitive data throughout your organization. This will change the way your organization thinks about protecting data and preventing breaches.
- Timing is key.
Equifax discovered that its systems had been breached on July 29 and reported it more than a month later, on September 7. In Europe it is required to report any potential breach within 72 hours of identification. The United States has yet to set forth any standards for businesses, but there are good practices to follow.
Notifying your consumers of a potential threat should be the first thought that comes to mind after discovery. It is vital to communicate with those affected from the moment you identify the breach through to developing a solution to rectify the problem. Be transparent with your consumers and those affected by the breach.
- Define a clear protocol for handling security breaches.
As mentioned above, there are no government-sanctioned protocols for businesses to follow when they discover there has been a security breach. It is left up to businesses to determine how to address these attacks. In the case of Equifax, the government will get involved to determine if any legal action needs to be pursued given the volume of consumers affected.
The bottom line is this: have a plan. Do not wait until you are under attack to figure out what to do. Create your cybersecurity plan now, before your back is against the wall. A cybersecurity plan is much more than installing anti-virus and updating your servers. It defines how you will protect sensitive information, best practices for handling sensitive data, and protocols to follow if a breach is detected.
A cybersecurity plan is comprehensive by nature. Putting one together doesn’t have to be complicated.