Here are four lessons learned from the Equifax breach that
can support your document destruction clients:
Lesson #1 “the Equifax Affect,” where a company such
as Equifax, with more financial and IT resources than most
companies in the U.S. cannot prevent a data breach event
from ever happening.
In Equifax’s case, their data breach event affected 145 million
U.S. consumers where information breached included names,
Social Security numbers, birth dates, addresses and, in some
instances, driver’s license numbers.
Lesson #2 “response and recovery,” where Equifax failed
in multiple ways to respond in a timely and responsible
manner. First, and with irony, the Equifax breach happened
because the company failed to fix a software flaw that federal
officials had warned about months before. But to make
matters worse, Equifax waited nearly six weeks to notify the
public after learning of the hacking event.
When this crisis happened, Equifax’s failed management
response resulted in its chief information officer and chief
security officer “stepping down” and its CEO “retiring.”
Lesson #3 “the future of cybersecurity laws” could
include the potential for criminal action for officers and board
members of any size organization. CSOonline.com released an
article titled “The year ahead in cybersecurity law,” (https://
in-cybersecurity-law.html) where CSO states that “major
legal cases and proposed state and federal legislation will
shape how companies respond to and attempt to mitigate
cybersecurity and data privacy risks.”
Lesson #4 “industry best practices should include
response and recovery” as Risk and Insurance Magazine
highlights in this article titled “Cyber Threat Will Get More
Difficult,” ( http://riskandinsurance.com/cyber-threat-will-
get-difficult/). In this article General Michael Hayden, former
head of the Central Intelligence Agency and National Security
Agency and current principal at the security consultant the
Chertoff Group, stated that “companies should focus on
response, resiliency and recovery when it comes to cyber
According to Hayden, “companies are focusing on the
vulnerability aspect, and responding by building high walls
and deep moats to keep attackers out.” He said “If you do that
successfully, it will prevent 80 percent of the attackers.”
“But that still leaves 20 percent vulnerability, so companies
need to focus on the consequences: It’s about response,
resiliency and recovery,” said Hayden.
In an era of data breaches, businesses that partner to offer
data breach response services, can differentiate themselves,
helping to attract and retain customers, while incrementally
All businesses need strong document management policies –
and strong document destruction companies need strong data
breach response partners to support their business clients.
About the Author
Mark Pribish is the VP and ID
Theft Practice Leader at Merchants
Information Solutions, Inc. He has
authored hundreds of articles and
white papers and is frequently
interviewed by local and national media
as an identity theft and data breach
risk management expert.
Merchants Information Solutions, Inc. is a leading ID theft
and data breach services firm based in Phoenix, AZ.
About the Author
Jim McCabe is the SVP, Identity
Theft Solutions for Vero, LLC. He has
developed his subject matter expertise
in ID theft & data breach solutions
and has contributed to industry
publications and blog sites, while
consistently speaking for conferences
and webinars to foster awareness and
education of best practices.
Vero, LLC is a services company focused on collaborating
with top quality providers to create unique and valuable
packages with invaluable results for SMB companies.