The Four Things We Learned from the Equifax Breach

Equifax has been a near-constant in the headlines in the wake of the giant data breach that may have impacted as many as 143 million Americans. Most of the attention has been on Equifax’s cybersecurity measures and its public response in the aftermath of the breach. But even if Equifax had in place basic security measures like access controls and patch management, they still would have been inadequately prepared for a cyberattack. The company’s biggest misstep isn’t that its data was breached—no organization’s walls are impenetrable—but its mismanagement of its data before it was even attacked. Its failure to put in place basic information governance best practices—of which security is just one strategic pillar—is ultimately responsible for the sheer size and scope of the attack.

This presentation will focus on four major takeaways from the Equifax breach for organizations’ information governance programs:


  • Human error trumps technology every time.
  • “Don’t put all your valuables in one safe”.
  • Classify and anonymize your data—and get rid of what you no longer need.
  • It’s 10pm. Do you know where your data is?

Presented by:

Jim Koziol  TBA