The retail sector is one of the largest sectors affected by data breaches with cyber security and corporate crisis being at the core of many attacks. There is indisputably an increase in the number of companies becoming the victim of data breach and the vast percentage of businesses targeted fall within the retail sector.
How do we reduce the risk of data breach within a sector plagued by threat and attack? I have been looking at this topic from an organisational perspective and form the following opinions. We already know that the concept of data breach occurs when confidential and personal information falls into the wrong hands, but the question I ask is how exactly does this situation happen when systems and processes are in place? It is evident that the theft of data is proving to be a highly lucrative market for fraud, and attackers spare no mercy when it comes to targeting organisations, the result of which regularly leads to the closure of businesses incapable of recovering in the aftermath, becoming nothing more than a statistic within the expansive area of data breach. It is important that I note the relevance of my reference to employees and the role of staff within the workplace. They are, and always will be, a vital part of an organisation and a significant cog in the wheel. What I must emphasise is that they have the power, either wittingly or unwittingly, to leave an organisation in a highly vulnerable state and expose it to a breach in data. With this knowledge, how do we prevent staff becoming unintentional threat hazards?
I feel that it is imperative that employees are made aware of the danger associated with data breach and understand that it can happen within an organisation through employees failing to comply with policies. I make reference to a typical situation concerning an employee within a large retail store. This employee is a direct user of systems within their workplace. During their hours of work, the employee is responsible for guarding and using systems and processes such as a POS system. Perhaps that particular employee has failed to accept a recent policy which may be due to a variety of reasons and is unaware of a new procedure to assist with the protection of data, therefore the employee fails to provide adequate protection.
In my opinion, communication is key to developing an organisational culture that adheres to compliance procedures and one which values and protects data and information. It is vital that employees have regular access to policy teachings that can be implemented through a data protection and breach awareness campaign. In my opinion I believe the development of a tailored campaign is required with the objective of ensuring all involved are made aware of policies that prevent data breaches whilst fully understanding.
The development of such a campaign must include a fundamental communication strategy ensuring a complete understanding of the hazards and preventions of data breach. Depending on the size and nature of the organization involved, I feel there are a variety of approaches including email or face-to-face communications followed by evaluation of teaching and awareness levels. This may be followed up by short and snappy awareness messages which may be scheduled on a regular basis via email or directly onto the desktop of computer screens and may include occasional questionnaires to gain an in-depth awareness of the audiences’ understanding of the policies and their use of data.
It may also be useful to arrange focus groups as an opportunity to discuss data breach protection and prevention as well as a situation for two-way communication where concerns or questions may be addressed. I feel it is important that the campaign also embraces additional technologies; ideas such as apps and social media for sharing interesting information and case studies may be helpful. By communicating across a spectrum of technologies and employing new communication channels, I feel there will be a greater awareness of data breach and the issues and preventative measures that can be implemented across organisations.