Creating an Effective Data Security Plan

07/26/2016
New technologies aimed at meeting the demands of tech-savvy, omnichannel shoppers have pushed security breaches to the highest level of concern across the retail industry. In fact, retailers named mobile security as the weakest link for data and payment security, according to RIS News' "Business-Driven Security" custom research report. Retailers also pointed to POS intrusions and credit-card skimming as major areas of risk.

Even though retailers are spending billions of dollars on PCI compliance and EMV migration, the truth is that these measures cannot solve a retailer’s security problems by themselves. In a recent webinar hosted by RIS News, editorial director Joe Skorupa and Carole Murphy, global product marketing, HPE Security – Data Security, engaged in a spirited discussion of some of the key security challenges retailers are facing today and how they can best address them.

Skorupa and Murphy explored how retailers can design a smart investment strategy that stays one step ahead of evolving threats; the key elements that comprise an effective data security plan; and the greatest areas of security risk and technology weakness.
 
The key topics discussed were:
  • Fraud Increasingly Shifting to Card Not Present Transactions. With US adoption of EMV, the shift away from counterfeit cards is expected to continue, with mobile payments emerging as a major growth area. Card not present losses due to fraud are expected to increase from $10 billion in 2014 to an estimated $19 billion in 2018.
  • General Data Protection Regulation (GDPR). The GDPR, released May 2016, replaces the EU Data Protection Directive; it is applicable across all EU member states and to global enterprises holding EU citizens’ data. The new legislation expands the definition of personal data, including location data, online ID, genetic factors, etc.; PII, PCI, and PHI data must be secured. Enterprises have until May 2018 to reach compliance, with significant financial penalties for non-compliance (up to 4% of a company’s revenue).
  • GDPR and Encryption. The GDPR has called out encryption as an approach to mitigate risks associated with the processing of sensitive data: encryption does not break existing business processes; data can be decrypted if need be; and if data is encrypted then breach notification is not required. Organizations need to review their entire security posture with a view to understanding the processes and controls that need to be implemented to protect the privacy of EU citizens.
 
The entire webinar is available free on-demand here. Don’t miss this opportunity to learn how retailers can take their security efforts to the next level.