The Equifax hack of 2017 had a massive impact and left many wondering whether their data was actually secure. The numbers involved were simply staggering: 145.5 million US customers had their data stolen, including their names, social security numbers, addresses and dates of birth, and they weren’t informed about the breach for months. Many individuals will suffer the consequences of this hack for many years to come.
But are there lessons here for other companies? What should business executives and CEOs consider in light of this security breach? I want to offer three key suggestions for 2018 and beyond:
1. Your Business May Have Changed, So Be Careful Of Using Old Paradigms
The reporting agencies, such as Equifax and Experian, used to only work with other businesses selling them credit information. In time, however, they decided to open up their tools to retail end users — for example, in 2002, Experian acquired ConsumerInfo.com to lay the foundations for their direct to consumer business. The challenge for any company making this shift from seeing the consumer as the product to seeing the consumer as someone with power is the need to update practices, policies and mindset. In the digital world, companies can change their business models quickly. For example, digital technologies make it easier to open up data to partners to create new services. But such changes represent a fundamental break with the past, in terms of how they approach partnerships, how they go to market and ultimately the speed at which they do business.
2. As Your Business Changes, Invest In The Right Capabilities
All the “ID Protection” services offered by companies such as Equifax and other credit-rating companies, unfortunately, have one common feature — they have weak validations and a difficult-to-navigate user experience (UX). This UX extended to the service that Equifax offered its customers in order to check if they had been victims of the hack. Even if customers could have done more themselves to prevent the hack, it was difficult to use the services available. Those organizations which are well prepared for the digital environment of 2018 have identified the capabilities they need and have invested in bringing together the right mix of technologies and skills to serve their customers. The skills which served you well a few years ago are being rapidly surpassed by new capabilities in areas as diverse as automation, machine learning and data science. To successfully adapt, you can either hire people with these skills or train your existing employees. In my company, Belatrix, for instance, we decided to invest an average of 120 hours per employee per year in training because we believe the only option to stay on top of this constant change is ensuring our employees are constantly learning.
3. Own It
I can’t stress this last point enough. Seeing the CEO of Equifax blame a single IT operator for the breach represents a failure of accountability. Throughout the entire story of the breach, Equifax attempted to avoid taking responsibility for it. For organizations today, accountability and ownership amongst their leadership will be the defining characteristics of success. A simple piece of advice when dealing with mistakes is to make it personal – for example by using language such as “I”, “we”, and “you”. Indeed, research indicates that in earnings calls where executives use such “inclusive language”, investors react more positively.
It goes without saying that to successfully navigate the business environment of 2018 and beyond, organizations need leaders with skills and vision. Organizations are changing, and business paradigms are shifting, so we will also need to re-evaluate what success as a leader entails. We’ll increasingly see organizations focus on leaders with a cross-functional skill set, emotional intelligence and digital understanding. This means companies need to be investing today in identifying and developing the next generation of leaders, who can blend these skills together.