This week's blog post will focus on cyber security and on information security training and education.
Given the abundance of cyber criminal activity, the retail sector has been particularly vulnerable as of late. While most organizations have security training in place for employees, retail corporations' reluctance to implement security controls to mitigate and prevent attacks has been well documented. This lack of "action" is usually blamed on a lack of funds, or an inability to budget wisely for InfoSec measures. Perhaps these companies need to take a closer look at the budget, and at the information they are disseminating (or failing to disseminate) to employees and shoppers.
InfoSec training is crucial to the overall security health of an organization. Teaching employees about proper safeguards can combat inappropriate or risky behavior that can leave an organization at risk of exposure. There are a few ways companies can engage their employees in InfoSec training: videos, posters, banners, and quarterly newsletters. It is important for each member of the organization to know they are responsible for IT security, and that they will be held accountable for their actions.
Last year, Target Corp. announced it would be spending an additional $5 million on a cyber security coalition to educate its employees and the public on the dangers of phishing, cyber crime, and consumer scams. Although this measure was touted as a PR move to "save face" with customers (given the 100 million data breach), the steps necessary to prevent a future cyber attack include proper training and education. Making the commitment to spend the additional funds in this manner shows Target takes cyber education and the prevention of attacks very seriously.
Hopefully other retailers take note, and invest wisely.
- Angie