It may be that most wonderful time of the year for the general public, but the holidays often bring tidings of great security risk to retailers.

A new study by Osterman Research Inc. reveals a number of data security pitfalls among retailers that could lead to security breaches. That is certainly not good news, considering that the holiday season has seen some of the largest data breaches of the past few years.

The study polled CISOs, CIOs and other IT managers in 125 large retail organizations, and was sponsored by cybersecurity company Bay Dynamics. All of the retailers have at least 2,000 employees and are located in the United States.

Overall, the report finds that many retailers have a false sense of confidence when it comes to protecting their organizations’ and consumers’ sensitive data. A majority of retailers indicated they believe they are doing a good job with IT security efforts, but the study shows “gaping holes in their security programs such as sharing login credentials among multiple employees and not knowing if sensitive data is being leaked.”

Among the survey findings:

Employees are using shared accounts:

“While a majority or half (62% and 50% respectively) of respondents said they know everything their permanent and temporary employees are doing on their corporate systems, 21% said their permanent retail floor workers and 61% said their temporary floor workers do not have unique login credentials for corporate systems. This means those workers are using shared accounts – which include the same login credentials. As a result, IT and security teams do not know everything their permanent and temporary employees are doing on their corporate systems.”

They do not know if sensitive data is being leaked:

“More than a quarter of respondents said they don’t know if their temporary employees have ever accessed and/or sent data they should not have accessed or sent.”

Access unknown:

“More than a third (37%) of respondents said they cannot identify which systems their temporary employees have accessed.”

False sense of confidence:

“In spite of the data listed above, on a scale of 1 to 7, with 7 being the most proactive, the majority of retailers (80% or higher) gave themselves a 6 or higher when it comes to identifying critical assets that must be protected, detecting theft or data leakage, and controlling employee access to critical assets.”
