So, What's a Retailer Supposed to Do?
The Online Trust Alliance has released what it's calling the "Security by Design" framework to help retailers combat the growing risk of fraud and/or data breaches. The framework is composed of the following five steps:
- Create a cross-functional security team headed by a chief security officer (or equivalent) as a single point of authority with security accountability.
- Map the data workflows within your organization and with your outside vendors to identify points of vulnerability. Examine how you handle data at every stage, from collection and storage to transmission, usage and destruction. Define who should have access to your data, how they get it, and why they need it.
- Include security review milestones in the product development process, from concept development to functional specification development to design, testing and launch.
- Audit your network infrastructure, mapping both internal- and external-facing sites and all points of connection. Implement processes to monitor your network and data assets to detect unauthorized access or unusual patterns of activity.
- Develop an incident response plan and team. Include predefined action items and communication strategies that can be easily executed should a breach occur.
Remember, it's better to be safe than sorry.