Here are some steps that Equifax should have taken:
- The CEO should have made sure that the Apache software was updated when the company was notified of the new patch that would secure important consumer data. His position requires him to monitor all operations of the company and make sure everything is running smoothly and properly.
- The CEO should not have placed all of the blame on one IT employee. Smith told the public that the employee did not install the patch when he/she should have. The public was not pleased with this answer, nor did they believe it.
- Equifax should have informed authorities and the public as soon as they discovered the breach, rather than waiting 6 weeks and then deciding to tell them. The company should have been transparent with their customers. The breach caused mistrust as it is. Withholding something this important from the public hurts the relationship that Equifax has with its customers even more.
- Equifax should have fired their CEO before the breach. The company needs an ethical and moral leader. The CEO was not being open, not concerned for the people, and not honest. Perhaps if the company had better leadership, the breach would not have happened.
- Equifax should have encrypted all of their customers' personal data so that it would be much harder for hackers to steal information. Also, if the hackers know that the data is encrypted, this may deter them from trying to hack the company in the first place.
I believe that the best course of action that the company should take is to take responsibility for their actions and implement new technology, systems, training, and procedures. The company should revise their training and make it required for everyone to get retrained. The new CEO should consider the fact that every customer has the right to have their information stored properly and securely. Purchasing and installing new technology may be costly and take time to accomplish, but it is Equifax's duty and obligation. Their customers have rights and the company agreed to a social contract with them. The ethical framework behind my reasoning is deontological. Equifax had a duty and obligation to the public and failed. They need to rethink their actions and implement new strategies to prevent this crisis from happening again in the future.
References
https://www.engadget.com/2017-10-03-former-equifax-ceo-blames-breach-on-one-it-employee.html

I agree that the company should have taken responsibility. Things like this shouldn't happen from big corporations because they are receiving enough profit to stay up to date. It's disheartening that some had to worry about identity theft and personal information in anonymous hands. To make it seem worse, all they had to do was update their service and this situation would have never happened. It is completely mind-blowing.