Data Security In A Connected Digital World
By Bob Johns, associate editor
A significant number of the challenges retailers face today originate within the digital landscape. Whether it be a DDoS (distributed denial-of-service) attack, pfishing emails, spiders and bots, or access protocol theft, consumer and company data is at risk all of the time. I recently had the opportunity to speak with Jason Thompson, director of global marketing, SSH Communications Security regarding the modern threat landscape for retailers.
Thompson points out, “Retail electronic security threats exist everywhere. With the influx of BYOD, migration to cloud services, and global expansion, the retail threat matrix looks nothing like it did 20, 10, or even 5 years ago.” Who could have envisioned associates using their smartphones on the sales floor, managers walking around with iPads, or LP executives viewing POS exceptions — while waiting at the airport? But what happens when someone watches an employee entering his username and password on one of these devices? With the right password, various levels of customer and corporate data become vulnerable.
SSH Communications Security uses a unified platform approach to data security layering on top of the existing systems. This is a managed service that is minimally invasive while controlling all access to the systems. “SSH is the inventor of the SSH protocol, one of the most widely used secure data communication protocols in the world,” Thompson says. “This has allowed us to help retailers secure data across the entire enterprise network. Retailers must know who is accessing the data, is that person supposed to be accessing the data, and is it really them.” Rolling passwords, device recognition, and password security are all components that need to be addressed to maintain this security. Passwords can be forced to reset over predetermined points of time, they can be restricted to not go in successive numbers, and all easily guessed words can be refused. If you can believe it, people still are using “password”, “123456”, and “qwerty” with regularity, according to the website SplashData.
Providing one centralized security management platform allows IT security to efficiently monitor access across the entire network, no matter how many locations are involved or even what sales channel they involve. Companies can manage current security keys and make sure all older keys are removed when someone changes positions or leaves the company. They know all of the internal and external security risks are being addressed by viewing consolidated reports. And, with PCI standards constantly changing, companies can know that the compliance mandates are being met, see where data is encrypted, and ensure the data is only released to the correct secure party.
As evidenced by Barnes & Noble’s recent breach of credit card data security on its pinpads, the threats are very real. Zappos also suffered a breach that compromised 24 million email addresses, phone numbers, and passwords in January. MasterCard had 7 million records breached, which included 1.5 million credit cards in March. And, LinkedIn saw 6.5 million user passwords compromised in June. Unfortunately the list goes on — TJMaxx, Walgreens, HSN, Brookstone, and Kroger have all suffered security breaches in the past. Retailers must remain vigilant not only because it is their duty to protect data, but because it also directly impacts the bottom line when consumers lose confidence in a retailer’s security.