It has been over two weeks since Equifax announced the data breach to its systems that still has about 44% of the US population reeling.
For Equifax, a Quick Response and Responsibility Were Key
Many people are still trying to figure out how to mitigate risk to their finances, especially given Equifax’s unadvisable handling of the situation that seemed to direct many affected individuals to spam sites.
So, now that things are finally calming down and Equifax’s full strategy has been played out, it is time to look back at the whole fiasco and see what went wrong and what could have gone better.
In the wake of the data breach, many critics pointed out that the hacks continued for two months before Equifax even stopped them. Once the hacks were stopped, Equifax waited a full two months before releasing the news to the public.
These delays clearly indicate that Equifax’s information security frameworks, policies, procedures, systems, and people were failing both to monitor issues and to mobilize a solution when breaches actually happened. These delays proved disastrous and contributed in large part to the public’s quickly decreasing trust in Equifax, as shown in the 14% drop in stock value that Equifax experienced on the day after the breach.
Information Security Frameworks
How can other businesses prevent things like this from happening to them? Following proven information security standards like ISO 27001 or COBIT 5 has been shown to drastically decrease the risk of a data breach. These frameworks provide comprehensive standards to make sure all aspects of maintaining a safe information environment are considered and addressed. No need to reinvent the wheel.
The checklists, frequent reviews, and ongoing updates required by these frameworks are meant to mitigate the risk of an information security breach. Furthermore, many organizations have gone as far as creating a Chief Security Officer (CSO) position specifically to drive clear accountability for the implementation of a comprehensive information security foundation.
Make Sure Things Get Done
Complementing an information security framework like ISO 27001 or COBIT 5 with software like CommandHound, a task management software with strong accountability features built-in, is a powerful combination for any CSO.
CommandHound will ensure that every single task in the framework is performed on time, as expected. Its escalation capabilities will drive a sense of urgency, as needed, when things are not getting done. Its dashboard monitoring capabilities will quickly point out areas of increasing vulnerability based on delays in completing tasks as required by the frameworks.
COBIT 5 information security framework supported by CommandHound
An added benefit of using software like CommandHound is its ability to log and document all information security activities for audit, compliance, and/or ongoing process improvements.
Accountability at Equifax
Equifax lost a lot of the public's trust when they failed to take responsibility for their mistakes. The delays in managing a response and in coming up with a clear and credible way forward, combined with the lack of responsibility taken by company leadership, showed the world a culture of finger-pointing and lack of accountability within the company.
A delayed and messy response is a clear sign of chaos, unclear roles and responsibilities, and, most importantly, a lack of ownership for what needs to be done next.
A fast and orderly response when a crisis hits is a clear indicator that a strong culture of accountability and ownership exists in an organization. People quickly identify what happened, teams step up to implement mitigation and resolution plans that have been prepared for such an eventuality, and everybody is there to minimize impacts.
Measuring accountability in the workplace can be difficult, and it can become especially hard to manage in large companies. CommandHound was built from the ground up with accountability in mind to make sure that individuals feel responsible for accomplishing their tasks.
By monitoring individual performance and notifying managers when tasks are left uncompleted, CommandHound makes sure that performance reviews always rely on real data, driving a high sense of accountability in the workplace.
By simply showing the public that systems were in place to monitor their information and employees felt responsible for maintaining secure data, Equifax could have prevented both the data breach and the public perception problems they have faced ever since.
Software solutions like CommandHound make it easy for organizations to keep security frameworks like ISO 27001 or COBIT 5 on track, and to instill a sense of individual accountability in the workplace. Both of these steps could save your company from the disaster that Equifax faces now. Learn more about how CommandHound can protect your teams.