One Employee vs. Multi-Million Company

Oct 4, 2017

Yesterday we all read the explanation (or, as I would call it, the “excuse”) given by the former Equifax CEO for the recent breach of the Equifax database, which exposed the personal data of 145 MILLION US and Canadian citizens.

Here is his explanation: one IT employee of Equifax did not install and verify one patch to their IT system (I will leave technical details aside). Pay attention! This omission happened between March 8 and March 10, while the breach and subsequent theft of data happened between May 13 and July 30 – up to 5 months later!!!

Now let me ask the inevitable question – where were Equifax's compliance system and verification of performance during those 5 months? Many of my friends and colleagues have noted that in organizations such as Equifax, patching any vulnerability in the IT system must involve at least a two-step approach – application of the patch by one specialist, and verification and testing of the patch by another. This simple two-step procedure would have prevented the current chaos that Equifax is dealing with and that will cost it millions of dollars in damages, and inevitably – reputational damage.

If the first excuse wasn’t insulting enough, the former Equifax CEO further testified that “the individual who's responsible for communicating in the organization to apply the patch, did not”. Let me ask again – where were those responsible for the actions of that individual, and why did an organization such as Equifax fail to verify performance?

Unfortunately, we will probably never hear the answer to these questions, and those responsible for the breach, including the former Equifax CEO, Mr. Richard Smith, will never take responsibility for this incident.

Many of you might say that it was a “human factor”, that “no one is protected from mistakes”. I will agree – the mistake of the IT specialist was a simple human error, but what followed was a systematic failure of Equifax's compliance system. The human factor created a minor problem, while Equifax's failure to comply caused the 145-million-person data leak.

The conclusion that every prudent business must draw from this situation is simple – no matter how small or big your organization is, the only proper response to external and internal risks will come from establishing and enforcing a comprehensive corporate and business compliance system. The “human factor” is an inevitable risk for every organization, but in most situations it can be easily mitigated by simple procedural measures. Every business owner should adopt the following approach: every day, spend 15–30 minutes evaluating a small part of your organizational activity, assess the risks that might come out of it, and then establish a procedure that will mitigate those risks. This simple habit will protect your business and will prevent extensive damage to you personally, to your organization, and possibly to an audience of 145 million. It will also save you from shamelessly making excuses and blaming one employee for the failure of your organization, for your personal failure.

The referenced article on Engadget.com:
