LP Magazine

JUL-AUG 2014

LP magazine publishes articles for loss prevention, asset protection, and retail professionals covering shrinkage, investigations, shoplifting, internal theft, fraud, technology, best practices, and career development.

Issue link: http://digital.lpportal.com/i/352439

Contents of this Issue


Page 47 of 68

organizations are now routinely preparing for major power outages or natural disasters. We suggest having a similar plan for a data breach. Step one is who are we going to assign and what roles will they have? And I agree, I think you're going to want people at the highest executive level that you can get on the leadership team, to evaluate the situation on a day-to-day basis and make key decisions. But I also think you want a response team, and these would be people more like IT security professionals who would work directly in trying to find out and understand what happened in a breach and also work with third-party vendors if you choose to hire them. That response team would deliver a written plan to the leadership team and actually practice it. Do an exercise once a year. That way you'll find out the holes that are in the plan and what needs to be changed. KNISLEY: We talked a lot about what retailers should do in preparation, pre-breach, post-breach, and some expectations in working with law enforcement. Lou, I'd like your opinion on what retailers should not expect in working with law enforcement after a breach occurs? STEPHENS: Law enforcement will not remediate your network. You'll have to do that yourselves with whatever help you decide to hire. That's probably the biggest takeaway. We're there to investigate the crime. HENRY: I will add another point. From the perspective of law enforcement and the U.S. government's role, they will share intelligence to the extent that they can, but the government is not going to protect your networks. In the physical world, it's very clear what our government does. The government's fundamental responsibility is to protect you as citizens. If there are armies massing on the border, the U.S. government is going to be able to intervene and protect us. That's very clear. Everybody knows what it looks like when an adversary physically poses a threat to us, and what the government's response is going to be. But the government is not stopping the ones and zeroes from coming through the fiber. That's not happening. The government is not scanning the ISPs and filtering traffic. That is not happening. Therefore, the first defense, the first initial response to every one of these attacks—every single one—begins with each of us sitting here—our companies, our IT specialists. And that's why this intelligence piece, this idea of hunting on the networks; the things that we've all been talking about today are so critical. Why? Because this is the first time in history where the private sector has the primary responsibility for defense and protection. The government is doing some great things. With the intelligence they've collected, there are some things that can be shared and some actions that they can take proactively. But that's not from a defensive perspective on your networks. You own that responsibility. You own that obligation. The data that's being stolen is funded by your investors. It's your clients' information, your customers' information, your employees' information that they're entrusting to you, and you are solely responsible at the outset to protecting it and making sure that it really is safe. Satisfaction. The Yarra Honda four-story dealership in Melbourne, Australia focuses on customer service with help from Milestone XProtect ® Enterprise. Staf use the video surveillance software to identify showroom customers who need help and receptionists monitor if employees are at their desks before transferring incoming calls. Proving again Milestone can solve problems that are more than security. Milestone XProtect ® is the world's leading IP video surveillance management software and is reliable, future proof and easy to use. It supports the widest choice in cameras and seamlessly integrates with business and security solutions such as video analytics. Which means your possibilities are unlimited and you can keep your security options open. See our new products and the new ways to use XProtect at: www.milestonesys.com Milestone Systems U.S. Tel: 503 350 1100 47 LP MAGAZINE | JULY - AUGUST 2014 DEALING WITH DATA BREACHES

Articles in this issue

Links on this page

Archives of this issue

view archives of LP Magazine - JUL-AUG 2014