One Employee vs. Multi-Million Company

Oct 4, 2017

Yesterday we all read the explanation (or as I would call it the “excuse”) of former Equifax CEO to the recent breach of Equifax database that exposed personal data of 145 MILLION US and Canadian citizens.

Here is his explanation: one IT employee of Equifax did not install and verify one patch to their IT system (I will leave technical details aside). Pay attention! This omission happened between March 8 and March 10, while the breach and consecutive theft of data happened between May 13 and July 30 – up to 5 months later!!!

Now let me ask the inevitable question – where was Equifax compliance system and verification of performance during those 5 months? Many of my friends and colleagues have noted that in such organizations as Equifax the patch of any vulnerability in their IT system must involve at least two-steps
approach – application of the patch by one specialist and verification and testing of the patch by another. This simple two-steps procedure would prevent current chaos that Equifax is dealing with and that will cost it millions of dollars in damages, and inevitably – reputational damage.
If the first excuse wasn’t insulting enough, Equifax former CEO had further testified that “the individual who's responsible for communicating in the organization to apply the patch, did not”. Let me ask again – where were those responsible for the actions of that individual, and why such organization as Equifax failed to verify performance?

Unfortunately, we will probably never hear the answer to these questions and those responsible for the breach, including the former Equifax CEO, Mr. Richard Smith, will never take the responsibility for this incident.

Many of you might say that it was a “human factor”, “no one is protected from mistakes”. I will agree – the mistake of the IT specialist was a simple human error, but what followed was a systematic failure of Equifax compliance system. Human factor created a minor problem, while Equifax failure to comply caused the 145-million person data leak.

The conclusion that every prudent business must make from this situation is simple – no matter how small or big your organization is, the only proper response to external and internal risks will come from establishing and enforcing a comprehensive corporate and business compliance system. “Human Factor” is an inevitable risk of every organization, but in most situations it can be easily mitigated by simple procedural measures. Every business owner should adopt the following approach: every day spend 15 – 30 minutes to evaluate a small part of your organizational activity, assess the risks that might come out of it, and then establish a procedure that will mitigate the risk. This simple habit will protect your business, will prevent extensive damages to you personally, to your organization, and to possibly 145-million audience. It will also save you from shamelessly using excuses and accusing one employee in the failure of your organization, in your personal failure.

The referenced article on Engadget.com:

Launch Your Business in Canada

Contact us right now and we will help You!

Contracts for Business Owners 101 in Canada

Every business transaction is based on a contract – whether written, verbal, or by conduct. The presentation discusses various aspects of business agreements, what should be included, and which details should be reviewed by business owners, and addresses the main...

How to Register a Trademark in Canada

If you've thought about obtaining a trademark for a certain element of your Canadian company, it could prove beneficial in safeguarding vital aspects of your business or products. Although not obligatory, understanding the nature of trademarks and the involved...

How Much Does It Cost to Incorporate in Canada?

  The cost of incorporating in Canada varies based on the type of business incorporation and the location where you choose to incorporate. Depending on your intentions of operating nationwide or within a specific province or territory, you can opt for either...

The Steps to Closing a Business in Canada

  Closing a business in Canada is a straightforward task, although it involves more than just notifying customers, selling off remaining inventory, and settling debts. Additionally, it is necessary to formally terminate your business name or dissolve your...

Different Types of Corporations in Canada

When you decide to start a business in Canada, you have multiple alternatives when it comes to structuring your business. One possibility is to establish a corporation, and in Canada, there are numerous options available to choose from. Creating a corporation can be...

Should I Incorporate In Canada? Corporation vs Sole Proprietorship

Should I Incorproate in Canada – All your questions answered! The question of whether and when to incorporate seems to create lots of confusion and many online resources may seem misleading, not thorough enough or inconsistent. Incorporating will be justified in any...