Using Email Reporting and Remediation to Build a Security Aware Culture

Almost Half of Cardholders Avoid Stores Hit by Data Breaches


Don't let your company be the next on the list of companies with data breaches. In a poll by, it was revealed that 45% of cardholders would "definitely not" or "probably not" return to stores hit by major data breaches. This is a major concern for businesses that simply can't be ignored. 

Retail data breaches this year have included Target, Home Depot, Michaels, and many others. These security incidents have many sources, including phishing attacks, software vulnerabilities, and more.

But more than anything, human error is a major contributing factor in these incidents. In fact, IBM found in 2013 that 95% of cyber security incidents involved human error.  

So what can retailers do to reduce the likelihood of a major data breach? Beyond investing in technology, you should implement a Security Awareness and Training program for your employees.

The 2014 U.S. State of Cybercrime Survey found that companies without security training for new hires reported an average of $683,000 in annual financial losses related to cyber security incidents. In contrast, those with training programs said they lost an average of $162,000 on security events.

While it's new to many organizations, an effective process for security awareness and training at a retailer looks something like this:

  • Assess employees' knowledge with knowledge assessments and/or simulated attacks
  • Use effective PCI DSS Compliance training that engages employees and does more than "check the box"
  • Consider other training like Email Security, Social Engineering, Physical Security, and more - depending on what's appropriate for employees
  • Reinforce training with security awareness materials like posters, screensavers, articles, and more
  • Measure results - and continue the cycle to reduce employee security vulnerabilities

By following this methodology, retailers have an excellent opportunity to confront and address human threats as part of their larger security strategy. The stats are adding up, demonstrating that being proactive is now significantly less costly than sitting on the sidelines.