Gap debuts in Poland
New York City — Gap Inc. on Thursday opened its first store in Poland, in Warsaw’s Arkadia mall.
Gap and its Polish franchise partner, Ultimate Fashion, are planning to open more stores in Poland in 2012 and expand to other countries in the region.
Nine Cyber Monday Data Loss Prevention Tips for Retailers
By Todd Feinman, CEO of Identity Finder
- It’s 10:00. Do you know where your data is?
Like good parenting, good IT security requires constant vigilance. Your sensitive data has a tendency to wander out of secure systems each time an employee accesses it. Regularly scan the hard drives of your network’s devices with data-at-rest data loss prevention software to create a detailed data inventory. Having an up-to-date data inventory aids compliance with several regulations, and enables a quick, surgical response in case a breach ever occurs.
- Backups are essential, but expand your security perimeter
Anyone who has ever lost data to a system crash knows the importance of backing up vital corporate information. But beware what you store, and for how long. Wholesale daily backups may inadvertently violate the law if they accidentally store credit card or other sensitive information. Treat each backup with the same level of security as your live data, and remember that each backup expands your security perimeter. Periodically scan backups and remove old sensitive information.
- What’s on that old hard drive, anyway?
A major source of corporate breaches is old, forgotten information. Sometimes forgotten servers with sensitive information are accidentally connected to the internet; unsanitized hard drives end up on eBay; old email attachments sit like landmines on backup drives. Take time to scan old hard drives and every network device to determine which devices contain sensitive information. You’ll be glad you did, and surprised at what you find.
- Destroy old hard drives
When retiring a computer, never donate, recycle, or sell the computer without removing and destroying the hard drive. If you must leave the hard drive intact, use scanning and shredding software to permanently erase critical data, including already-deleted data.
- Segment your networks
Building firewalls don’t prevent fires, but they do limit damage when fire happens. Likewise, proper network segmentation and network firewalls will reduce the scope, cost, and difficulty of a PCI-DSS assessment, and the potential liability associated with guarding sensitive personal information. By segmenting users from each other as well as from network assets, you limit your exposure to potential malware, or even an attacker. Treat employee computers as untrusted devices whenever practicable.
- “Trust but verify”
Even small retailers may have multiple locations. Even though each location may be required to install standard point-of-sale equipment and adhere to the corporate security policy, not all locations may strictly adhere to the policy. While you must trust branch managers, it is also vital to verify that their networks are not storing sensitive information against corporate policy.
- Encryption is key, but not a silver bullet
Encrypt. Seriously, encrypt. Disk and database encryption protect information while it’s stored, ensuring it can’t be read except by someone who has the encryption key. Several states’ laws now require encryption of sensitive information while in motion and at rest. Although data-at-rest encryption is fundamental to any data loss prevention strategy, it won’t prevent employees or malicious outsiders from accessing and exporting the information while the hard drive is on.
- Don’t forget physical security
Hacking, malware, social engineering and other threats tend to grab headlines, but don’t forget to secure your computers with physical locks, or store them in a secure facility.
- Lock your computer when you walk away
Train employees not to leave desktops or laptops unattended. If employees must leave a computer unattended, they should have a habit of logging off or locking the computer to prevent unauthorized access. Use strong passwords with letters, numbers and punctuation, and never share them or store them in easily accessible locations.
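An added example (not from the article and not taken from any Identity Finder product) of the data-at-rest scan that the tips on data inventory, backups and old hard drives describe: it walks a directory tree, finds card-like numbers, validates them with the Luhn checksum, and returns a masked inventory so the report itself never holds a full card number. The sample tree, file names and the test number 4111 1111 1111 1111 are constructed for the demonstration.

```python
import os
import re
import tempfile

# Candidate card numbers: 13-19 digits, optionally split by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right."""
    doubled = [int(c) * (2 if i % 2 else 1) for i, c in enumerate(reversed(digits))]
    return sum(d - 9 if d > 9 else d for d in doubled) % 10 == 0

def scan_text(text):
    """Return masked (first 6, last 4) card-like numbers that pass Luhn."""
    hits = []
    for m in CANDIDATE.finditer(text):
        d = re.sub(r"[ -]", "", m.group())
        if luhn_ok(d) and len(set(d)) > 1:  # all-zero runs pass Luhn; drop them
            hits.append(d[:6] + "*" * (len(d) - 10) + d[-4:])
    return hits

def build_inventory(root):
    """Walk root and map each relative file path to its masked findings."""
    inventory = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable file; a production scan would log it
            if hits:
                inventory[os.path.relpath(path, root)] = hits
    return inventory

def demo():
    """Scan a constructed tree: a live export, an old backup, a clean file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "backup_2009"))
        samples = {"pos_export.csv": "order,card\n1001,4111 1111 1111 1111\n",
                   "backup_2009/mail.txt": "cc: 4111-1111-1111-1111 thanks",
                   "notes.txt": "ref 1234567890123456, blank 0000000000000000"}
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return build_inventory(root)
```

Pointing `build_inventory` at a mounted backup or a retired drive image gives the same per-file report; the Luhn check is what keeps order and tracking numbers out of the results.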
Todd Feinman is CEO of Identity Finder.
Target.com under new leadership
MINNEAPOLIS — Target merchandising executive Casey Carl was given added responsibilities for the retailer’s online businesses, following a series of snafus related to an August relaunch that resulted in the departure of former online president Steve Eastman.
Carl will serve as president of multichannel with responsibility for Target’s digital platforms including mobile, social and Target.com, while retaining his prior responsibilities as SVP merchandising for entertainment, toys, sporting goods and electronics.
“We are firmly committed to implementing a multichannel strategy that enables our guests to engage with Target anywhere, anytime,” Target EVP merchandising Kathee Tesija said. “Under Casey’s leadership and with the support of a strong team, we are confident that we will continue to improve our digital operations and deliver on our ‘Expect More. Pay Less’ brand promise.”
Carl joined Target in 1997, and in his recent capacity as SVP hardlines, he was co-lead on the retailer’s multichannel steering committee.