With retailers across the globe transitioning to electronic payment options for their customers — most notably the recent launch of Apple Pay — many are starting to wonder if cash payments could soon become a thing of the past. According to the 2013 Federal Reserve Payments Study, this increasing card-based payment trend is being driven by five major factors: new technological and financial innovations; changes in consumer and business financial behaviors; the evolving business cycle; regulatory developments; and population growth.
Such heavy reliance on e-payment options, however, brings an increasing risk of data breaches. Take, for example, the highly publicized incidents involving major U.S. retailers like Home Depot, Target and Michaels, all of which have fallen victim to advanced hackers. As a result, enterprises around the world are beginning to wonder, "Is anyone safe?"
If retailers want to keep both their customers’ financial data and their brand reputation out of harm's way, it's imperative they take the right steps to protect vulnerable information. Below are five critical steps that retailers need to take to keep their customers’ financial information safe from a potential breach:
1. Know exactly where your business is being conducted. The majority of retail brands have their customer data spread out across multiple locations, whether it be at the company's corporate offices, at specific retail store locations or within the brand's online portal. Because of this, it's critical for retailers to understand how and where customer data — especially payment information — is being accessed, handled and, most importantly, secured.
2. Recognize data at rest. As mentioned above, retailers are constantly storing information in multiple locations, usually for the customer's convenience. However, data that's stored on portable devices such as laptops or archived on servers is often forgotten and, as a result, becomes a prime target for hackers. Retailers must encrypt all data at rest. With encryption in place, there's little to no concern should a device be stolen or lost.
3. Track moving data. Retail brands need to have a clear understanding of how their customers’ data is moving through their infrastructure. Thankfully, technologies like sniffers and network traffic monitoring software enable retailers to track where customer data has been, where it's headed and, most importantly, whether it was encrypted in flight. This allows retailers to adjust their security measures in response to a potential threat.
4. Join forces with a security expert. By partnering with a data security vendor, retailers can leave the managing of their security infrastructure up to the experts and focus on what's really important to their brand — selling merchandise and keeping their customers happy. A partner can continuously monitor and implement the most appropriate security measures in response to both current and emerging threats.
5. Implement an encryption policy. Retailers need an encryption policy that's mandatory yet manageable. Role-based controls are also a critical component; this means that only specific individuals have the ability to control or access information. Routine and ongoing audits are also recommended to ensure that a company's data security and encryption policies are constantly being enforced.
It's safe to say that it's been a difficult year for the retail market. However, these recent trials and tribulations have created a heightened sense of awareness for the industry. IT decision makers and high-level executives are now recognizing the need for better security policies and strategies.
Although it's unfortunate that a massive data breach compromising the personal information of millions of consumers needed to happen, it's just another lesson for organizations across all industries to internalize. It's no longer a matter of "if" a company is hacked, but more so a matter of "when" a company is hacked. The best security professionals can do is continue to evolve and innovate solutions that better protect customer data. The five steps noted above are an important aspect of that continued evolution; they're also explained in further detail in our recently published e-book, Five Observations of Retail Data Breaches: Why Include Encryption?, available for download here.
Garry McCracken is vice president, technology partnerships, at WinMagic, a provider of encryption solutions.