Data Security

Earlier this month, Sally Beauty confirmed a security breach and is now offering one free year of credit monitoring and identity-theft protection for those customers who may have been affected by the incident. As previously reported by Drug Store News, the beauty retailer detected on March 5 an unauthorized intrusion into its network. Over the last several weeks, Sally Beauty has been investigating the security incident with the assistance of its advisers. The company previously disclosed that it believed fewer than 25,000 records containing payment card data may have been illegally accessed on its system.

Data breaches are a threat for a business of any size, but according to the National Small Business Association, a single cyber attack costs a small business an average of $8,669.48, not accounting for the ripple effects of decreased sales and reduced trust and tainted reputation after a breach occurs. Proactive security measures for monitoring and managing data can save time and money for small businesses across a range of industries. Here are a few simple steps any small business owner can take to help protect against data breaches:

Data breaches, as we've all learned, can be #EpicFails with far-reaching and destructive implications for brands. Once sensitive consumer information — e.g., payment card data, home addresses, phone numbers — is stolen, the ramifications can include federal investigations, appearances by company execs before congressional committees, class-action lawsuits and months of scathing headlines, all of which can precipitate a major loss of consumer trust. "Big companies spend millions, billions of dollars building their brands over 20 [years], 30 [years], 40 [years], 50 [years], 100 years," says Eric Chiu, president and co-founder of cloud security automation firm HyTrust.

In J.C. Penney's latest annual report, gone are references to becoming "America's favorite store." Its "Fair and Square" low everyday prices and jcp.com website descriptions have also been scratched. Replacing them are a return to promotional pricing and the resurrection of its old Jcpenney.com website. But that's not all. The company has also overhauled its list of risk factors. Following Target's big data breach, J.C. Penney has joined other retailers flagging data security as a major new risk factor. The economy also continues to menace the company's turnaround efforts.

The massive cyberattack on Target last year unleashed efforts to protect consumers from crooks swiping credit card data from in-store transactions. But as retailers and regulators scramble to develop a solution, hackers have already moved on. Most hackers are focusing their efforts on online transactions — increasingly with an eye on those conducted over smartphones or other mobile devices. In other words, retailers are two steps behind the criminals.

Sally Beauty, a seller of hair and beauty products, said data from fewer than 25,000 customers’ payment cards was illegally accessed and may have been stolen. The U.S. Secret Service and Verizon Communications are helping investigate the incident, the Denton, Texas-based company said in a statement. Sally also said it's working to mitigate and remediate the issues caused by the breach. U.S. retailers including Target and Neiman Marcus are working to recover from hacker attacks that exposed the data of tens of millions of customers during the holiday season.

Target's security software detected potentially malicious activity during last year's massive data breach, but its staff decided not to take immediate action, the No. 3. U.S. retailer said on Thursday. "With the benefit of hindsight, we're investigating whether if different judgments had been made the outcome may have been different," company spokeswoman Molly Snyder said in a statement. The disclosure came after Bloomberg Businessweek reported on Thursday that Target's security team in Bangalore had received alerts from a FireEye Inc. security system on Nov. 30 after the attack was launched and sent them to Target headquarters in Minneapolis.

Cross-channel success in retail is all about coordination of data in an era where the number of channels and the amount information flowing through them keep growing. Think of the data streams from a variety of channels, including brick-and-mortar, websites, pay per click, email, direct mail, mobile devices, catalogs and more, and it's easy to see how the combined flood of information can reach the multiterabyte scale in a company's data network. The challenge comes in making sense of all this "big data" and teasing out important relationships and patterns from the noise.

Visa and MasterCard are partnering to create a new group that will focus on improving payment system security. The group will include banks, credit unions and retailers, and initially focus on adoption of EMV (Europay, MasterCard, Visa)-compliant card technology in the U.S. in advance of the October 2015 liability deadline. The group will also study tokenization — the replacement of customer account numbers with unique digital payment codes. "The recent high-profile breaches have served as a catalyst for much needed collaboration between the retail and financial services industry on the issue of payment security," said Ryan McInerney, president of Visa.

While many retailers ask how to attract more shoppers, the better question is how to increase your conversion rate. Why? Because you can do promotions and marketing gimmicks until the cows come home, but if you haven't done all you can to convert those consumers who are in your four walls — the only place you can truly affect your sales — from lookers to buyers, then you're like a poor marksman constantly missing the target. Bigger retailers know that high conversion rates are their salvation and low conversion rates are the death knell of their operation.