Almost Half of Cardholders Avoid Stores Hit by Data Breaches
Don't let your company be the next on the list of companies with data breaches. A poll by Creditcards.com revealed that 45% of cardholders would "definitely not" or "probably not" return to stores hit by major data breaches. This is a major concern that businesses simply can't ignore.
Retail data breaches this year have included Target, Home Depot, Michaels, and many others. These security incidents have many sources — including phishing attacks, software vulnerabilities, and more.
But more than anything, human error is a major contributing factor in these incidents. In fact, IBM found in 2013 that 95% of cyber security incidents involved human error.
So what can retailers do to reduce the likelihood of a major data breach? Beyond investing in technology, you should implement a Security Awareness and Training program for your employees.
The 2014 U.S. State of Cybercrime Survey found that companies without security training for new hires reported an average of $683,000 in annual financial losses related to cyber security incidents. In contrast, those with training programs said they lost an average of $162,000 on security events.
While it's new to many organizations, an effective process for security awareness and training at a retailer looks something like this:
- Assess employees' knowledge with knowledge assessments and/or simulated attacks
- Use effective PCI DSS Compliance training that engages employees and does more than "check the box"
- Consider other training like Email Security, Social Engineering, Physical Security, and more - depending on what's appropriate for employees
- Reinforce training with security awareness materials like posters, screensavers, articles, and more
- Measure results - and continue the cycle to reduce employee security vulnerabilities
By following this methodology, retailers have an excellent opportunity to confront and address the human threats as a part of their larger security strategy. The statistics increasingly show that being proactive is now significantly less costly than sitting on the sidelines.