The recent data breach at Equifax Inc. has reminded the public that some major companies are not adequately prepared to protect sensitive information against cyber-attacks. Equifax, a major data aggregator and consumer credit reporting firm would reasonably have been expected to have state-of-the-art cybersecurity policies and practices in place. The theft and likely subsequent misuse of the information held by Equifax has the potential to undermine the entire American system of consumer credit. As a byproduct of that undermining, the entire United States (U.S.) financial system may be irreparably harmed. All of this is in addition to the emotional impact at the individual level, where Americans whom have fought hard to build and maintain good credit could have all of that effort go to waste. Victims could go into great debt due to loans taken out by identity thieves, in part thanks to the irresponsibility of Equifax.
The purpose of this research was to examine what cybersecurity policies and practices can be reasonably implemented by corporations to reduce the incidence of similarly devastating attacks from occurring again in the future. The concluding recommendations attempt to avoid highly technical, sophisticated cybersecurity measures that require a deep knowledge of web technologies and programming languages to implement. Rather, the goal was to generate research-based recommendations that can be implemented broadly, and possibly even by those with only a moderate level of technical expertise, yet still have a strong impact on the security of digital assets.