The single most egreious flawed information security decsion (Equifax comes to mind...) by a large company in 2017? Read Chris Davies superlative piece, on SlashGear, detailing the recent Google decision to segment security provisioning. Read it and Weep My Friends, for, it is by far, The Show that Never Ends.
"Google is readying special security tools for its high-profile users, reports claim, going beyond mere two-factor authentication. The development comes as investigations into the political impact of alleged Russian hacking during the US election in 2016 continue, alongside other high-profile attacks on data. However, according to insiders, Google plans to target its new system at a specific subset of users. Those, people familiar with Alphabet-owned Google’s plans tell Bloomberg Technology, are being described as “corporate executives, politicians and others with heightened security concerns.” It will build on the company’s existing USB Security Key support. Rolled out in 2014, the USB-based system demanded a physical dongle be plugged into a computer in addition to a password or secure code before access to a Google account was granted." via Chris Davies writing at SlashGear