Data Security

Target, which is recovering from a massive data breach, on Tuesday named high-profile information technology consultant Bob DeRodes as chief information officer. The discount retailer's previous CIO resigned in March, several months after the data breach, which included the theft of about 40 million credit and debit card records and 70 million other records of customer details late last year. DeRodes has been a senior information technology advisor for the U.S. Department of Homeland Security, the U.S. Secretary of Defense and the U.S. Department of Justice.

Michaels assured customers a previously disclosed data security issue had been fully contained and raised the disconcerting prospect that it's only possible to make such a claim after a breach has been detected. The company said in January that it learned of possible fraudulent activity on some U.S. payment cards that had been used at its stores. An extensive investigation ensued that involved two independent security firms who, along with the company, worked closely with law enforcement authorities, banks and payment processors to determine what happened.

As data continues to grow at unprecedented speeds, retail organizations must embrace a data-driven mind-set to stay competitive. Considering that 90 percent of the world's data was created in the last two years, this won't be a curve that drops off. With the influx of bigger data and new types of data, retailers of all sizes increasingly depend on large sets of information to make better business decisions. Midsized retailers, now able to cross barriers to the new age of data, have fast become committed to discovering those insights and putting them to work for their operations and customer relationships.

After last year's massive security breaches at Target and Neiman Marcus Group, data-security professionals urged U.S. retailers to upgrade their credit and debit card technology to reduce fraud. Companies have been slow to embrace the more secure payment systems that have been widely used in Europe and Asia for years, mostly because of the expense and a lack of synchronization among retailers, credit card providers and banks.

The recent hacking of customer data from Target computers is roiling the California legislature. Last week, two members of the Assembly touted a bill to strengthen consumer safeguards and limit the type of information collected and retained by retailers. The measure may trigger one of the year's biggest disputes over business-related legislation. "It'll be a big fight, a tough fight," said Bill Dombrowski, president of the California Retailers Association. The bill would shift the responsibility for any data breach from the banks and credit card issuers to the retail businesses where the breach occurred.

There are two kinds of companies today: those that have already had a data breach and those who don't know their data has been breached. It's a sad fact of our time that nearly every aspect of our society has been hacked, including education, business and government. The Venable law firm reports that 621 confirmed data breaches occurred in 2012 alone, and retailers represented 21.7 percent of network-based data breach incidents.
 Is your company ready? What will it cost for it to be ready? Can data breaches be prevented? These were just some of the key questions covered in a recent Direct Marketing Association (DMA) webinar on retailer readiness for data breaches.

Recent data breaches, including those of Target, Neiman Marcus, Adobe, LivingSocial and Snapchat, indicate that merely evaluating passwords isn't an effective way to protect the systems that guard online customer account information. These are high-profile examples, but in reality nearly all online merchants are experiencing an onslaught of attacks as criminals attempt to break into their systems and steal credit card and other sensitive data. Even relatively small retailers are being assaulted. For many of these businesses, unless they adopt new authentication tactics and implement better controls, it's just a matter of time until they too become a statistic. 
Studies have repeatedly shown that the most damaging and expensive cyber attacks all have one thing in common: hackers defeat the system's authentication system. Today's sophisticated cybercriminals employ 

Earlier this month, Sally Beauty confirmed a security breach and is now offering one free year of credit monitoring and identity-theft protection for those customers who may have been affected by the incident. As previously reported by Drug Store News, the beauty retailer detected on March 5 an unauthorized intrusion into its network. Over the last several weeks, Sally Beauty has been investigating the security incident with the assistance of its advisers. The company previously disclosed that it believed fewer than 25,000 records containing payment card data may have been illegally accessed on its system.

Data breaches are a threat for a business of any size, but according to the National Small Business Association, a single cyber attack costs a small business an average of $8,669.48, not accounting for the ripple effects of decreased sales and reduced trust and tainted reputation after a breach occurs. Proactive security measures for monitoring and managing data can save time and money for small businesses across a range of industries. Here are a few simple steps any small business owner can take to help protect against data breaches:

Data breaches, as we've all learned, can be #EpicFails with far-reaching and destructive implications for brands. Once sensitive consumer information — e.g., payment card data, home addresses, phone numbers — is stolen, the ramifications can include federal investigations, appearances by company execs before congressional committees, class-action lawsuits and months of scathing headlines, all of which can precipitate a major loss of consumer trust. "Big companies spend millions, billions of dollars building their brands over 20 [years], 30 [years], 40 [years], 50 [years], 100 years," says Eric Chiu, president and co-founder of cloud security automation firm HyTrust.