Data Security

Recent data breaches, including those of Target, Neiman Marcus, Adobe, LivingSocial and Snapchat, indicate that merely evaluating passwords isn't an effective way to protect the systems that guard online customer account information. These are high-profile examples, but in reality nearly all online merchants are experiencing an onslaught of attacks as criminals attempt to break into their systems and steal credit card and other sensitive data. Even relatively small retailers are being assaulted. For many of these businesses, unless they adopt new authentication tactics and implement better controls, it's just a matter of time until they too become a statistic. 
Studies have repeatedly shown that the most damaging and expensive cyber attacks all have one thing in common: hackers defeat the system's authentication system. Today's sophisticated cybercriminals employ 

Data breaches are a threat for a business of any size, but according to the National Small Business Association, a single cyber attack costs a small business an average of $8,669.48, not accounting for the ripple effects of decreased sales and reduced trust and tainted reputation after a breach occurs. Proactive security measures for monitoring and managing data can save time and money for small businesses across a range of industries. Here are a few simple steps any small business owner can take to help protect against data breaches:

Data breaches, as we've all learned, can be #EpicFails with far-reaching and destructive implications for brands. Once sensitive consumer information — e.g., payment card data, home addresses, phone numbers — is stolen, the ramifications can include federal investigations, appearances by company execs before congressional committees, class-action lawsuits and months of scathing headlines, all of which can precipitate a major loss of consumer trust. "Big companies spend millions, billions of dollars building their brands over 20 [years], 30 [years], 40 [years], 50 [years], 100 years," says Eric Chiu, president and co-founder of cloud security automation firm HyTrust.

In J.C. Penney's latest annual report, gone are references to becoming "America's favorite store." Its "Fair and Square" low everyday prices and jcp.com website descriptions have also been scratched. Replacing them are a return to promotional pricing and the resurrection of its old Jcpenney.com website. But that's not all. The company has also overhauled its list of risk factors. Following Target's big data breach, J.C. Penney has joined other retailers flagging data security as a major new risk factor. The economy also continues to menace the company's turnaround efforts.

The massive cyberattack on Target last year unleashed efforts to protect consumers from crooks swiping credit card data from in-store transactions. But as retailers and regulators scramble to develop a solution, hackers have already moved on. Most hackers are focusing their efforts on online transactions — increasingly with an eye on those conducted over smartphones or other mobile devices. In other words, retailers are two steps behind the criminals.

Sally Beauty, a seller of hair and beauty products, said data from fewer than 25,000 customers’ payment cards was illegally accessed and may have been stolen. The U.S. Secret Service and Verizon Communications are helping investigate the incident, the Denton, Texas-based company said in a statement. Sally also said it's working to mitigate and remediate the issues caused by the breach. U.S. retailers including Target and Neiman Marcus are working to recover from hacker attacks that exposed the data of tens of millions of customers during the holiday season.

Target's security software detected potentially malicious activity during last year's massive data breach, but its staff decided not to take immediate action, the No. 3. U.S. retailer said on Thursday. "With the benefit of hindsight, we're investigating whether if different judgments had been made the outcome may have been different," company spokeswoman Molly Snyder said in a statement. The disclosure came after Bloomberg Businessweek reported on Thursday that Target's security team in Bangalore had received alerts from a FireEye Inc. security system on Nov. 30 after the attack was launched and sent them to Target headquarters in Minneapolis.

Cross-channel success in retail is all about coordination of data in an era where the number of channels and the amount information flowing through them keep growing. Think of the data streams from a variety of channels, including brick-and-mortar, websites, pay per click, email, direct mail, mobile devices, catalogs and more, and it's easy to see how the combined flood of information can reach the multiterabyte scale in a company's data network. The challenge comes in making sense of all this "big data" and teasing out important relationships and patterns from the noise.

Visa and MasterCard are partnering to create a new group that will focus on improving payment system security. The group will include banks, credit unions and retailers, and initially focus on adoption of EMV (Europay, MasterCard, Visa)-compliant card technology in the U.S. in advance of the October 2015 liability deadline. The group will also study tokenization — the replacement of customer account numbers with unique digital payment codes. "The recent high-profile breaches have served as a catalyst for much needed collaboration between the retail and financial services industry on the issue of payment security," said Ryan McInerney, president of Visa.

While many retailers ask how to attract more shoppers, the better question is how to increase your conversion rate. Why? Because you can do promotions and marketing gimmicks until the cows come home, but if you haven't done all you can to convert those consumers who are in your four walls — the only place you can truly affect your sales — from lookers to buyers, then you're like a poor marksman constantly missing the target. Bigger retailers know that high conversion rates are their salvation and low conversion rates are the death knell of their operation.