The retail industry is integration in action. The business owner or corporation for the most part has a computerized operation—from point-of-sale and employee time and attendance to security and a host of information technology functions. It’s a perfect example of blending security and information technologies.
Retailers continue to anticipate the future and work with what is available today, with many now using various aspects of the Internet for daily operations. They use it not only for security and remote monitoring and management functions, but also for other data and transactions. As such, they have opened their business landscape to new threats—such as those involving information security and the network, which is the conduit of data to and from the business. In addition, many retailers have established online businesses and sell goods and services via this medium as well, which adds another potential breach to the picture.
Retailers are technology-driven organizations, relying heavily upon intranets, extranets, VPNs (Virtual Private Networks) and other types of servers and mediums to transfer and collect data. Open lines of communication are great, but they also increase the vulnerability of the business from all fronts.
Not just shoplifters
Gone are the days when the primary security threats came from shoplifters and robbery. Thieves have become more sophisticated. Today, much of the focus has shifted to employee or internal theft, as this is where retailers lose the most revenue. Retailers have put many checks and balances into place to thwart internal theft, such as register/point-of-sale tracking and other computer and network safeguards. They have also turned to developing a corporate culture that takes pride in its business and customers in hopes that a positive mental attitude will convince employees not to steal from the hand that feeds them.
Now, the focus has shifted again, to the company’s internal network. The network is a main clearinghouse, if you will. Retailers have had to automate most all of their respective business functions (inventory, time management, ordering, etc.) and thus support such advances with the required technology. Much of it, of course, is over the network.
The technology and infrastructure in the retail industry are not only complex but vulnerable. In fact, according to published figures by the FBI, 55 percent of all U.S. companies have, in the past, experienced security breaches of their internal networks at an average cost of roughly $142,000 per incident.
Perhaps one of the biggest potential breaches is that many retailers have open environments, i.e., networks that allow customers and vendors to basically tap into portions of the system on a routine basis. The flip side of this coin is the uninvited guests: countless hackers abound and exist primarily to cause nothing short of chaos. Hackers seem to have the ability to crack through most operating systems. Most people have either heard or read about some of the more publicized incidents in which retailers’ networks have been hacked into and confidential customer information stolen. This can escalate into identity theft, another type of crime that continues to grow.
The online world is fraught with danger, and nowhere is this more evident than in e-business. In fact, reported figures place online fraud as high as $9 billion with projected estimates for 2005 continuing to climb higher.
Retailers find themselves in a precarious situation since they not only have access to, but also collect and store vast amounts of personal and private information such as demographics (names, addresses, phone numbers, e-mail addresses, etc.) and confidential information such as credit card and account numbers and even Social Security numbers.
There are long- and short-term safeguards, depending on your organization and its budget. Common practices include setting up firewalls, data encryption, virus protection software installation and intrusion detection software. Of course, additional software and hardware installed within the organization should be thoroughly assessed by both security personnel and information technology departments so that it is crystal clear as to whether or not it is in line with other established in-house programs.
Many of these measures can be deployed quickly. However, an ongoing monitoring and assessment program would be necessary as threat levels change. Many retailers and large organizations have in place someone to manage this one particular function to avoid any lapses.
Additionally, larger retail organizations may seriously consider bringing on board a Chief Technology Officer (CTO) to consistently assess and monitor security issues. This may seem to be a drastic and expensive step to take, but when you step back and look at the potential and perceived threats that exist on a daily basis, having someone in charge of just that particular aspect seems logical and necessary. Just one small gap in security can wield enough power for someone to tap in and bring down an entire network. Sounds scary, but it is a fact of life that co-exists with other concerns of the current retail environment.
STONG-MICHAS, a freelance writer, lives in central Pennsylvania. She can be reached at JenLeahS@msn.com.