How tech-savvy is your retail operation? Is it tech savvy enough to know that simply throwing out old computers, POS terminals, and other technologies could put the company at risk for a major data breach?
You might be surprised to learn that even some very large retail outlets have learned about data destruction the hard way. For example, in 2015, Safeway stores were fined $10 million for failing to properly dispose of confidential customer data. This included confidential HIPPA-protected data from Safeway pharmacies.
However, proper data destruction is an oft-overlooked strategy. You can be forgiven if you’ve never given it any thought, so long as you take steps to address the problem now.
Data destruction – the security measure you might not be thinking about.
Most articles about retail data security focus on things like encryption, blocking malware, and employing better technologies. Chip-n-pin cards, for example, receive a great deal of attention right now. There is also some focus on monitoring employee behavior and knowing where the data is going.
However, even major industry professionals often forget to mention what happens when you simply throw an old POS terminal into the trash, or what can happen when you donate or sell an old computer.
Of course, there’s nothing wrong with selling or donating an asset… if you’ve made absolutely sure that you’ve gotten rid of all the old data on that hard drive first. Often, this isn’t as straightforward as many companies assume. It’s important to be aware of the fact that hitting “delete” on a file does not truly get rid of the file, even if it looks gone.
Criminals routinely buy old electronics for the sole purpose of pulling the old information off of the drives. In some cases, this is even worse than a hacking attempt. Your data is out there, be it customer data, trade secrets, or employee data. But you might never know about it. Or, you may find out… but only after your company has been served with a pricey law suit.
Data leak? Say goodbye to your customers.
Lawsuits aren’t the only threat when it comes to data leaks. Any data breach can cause you to lose a significant portion of your customer base. The costs can be staggering.
A whopping 66% of consumers have reported they’d stop doing business with a company once the company suffers from a data breach. That means a 2 out of 3 customers believe retail stores have a duty to protect their data, and are not very forgiving when retailers fail in that duty. In fact, studies show that customers have very long memories when it comes to pinpointing which companies have been careless with their data.
One could imagine the lack of forgiveness would be even worse for customers who learn a company has failed to take even basic, simple, and cost-effective measures to protect their data.
What would your store do if you lost 66% of your customer base? Would you be able to stay in business? And for how long? Would you ever be able to recover your good reputation? Do you have an effective win-back strategy in place if something does happen?
Yet despite these risks, many companies are reluctant to take responsibility for their own data.
Over 90% of executives say they can’t even read a cybersecurity report. 40% of these executives feel like they are not responsible for protecting customer data. These are dismal figures. Who should be responsible for the data, but the person or organization who is collecting and using the data?
The same report noted that companies lose $445 billion to cybercrime every single year. And at the moment, there is no unified standard for cybersecurity, or for data or hard drive destruction policies which might put customer and employee data at risk.
This means retailers aren’t the biggest source of data breaches, but they nevertheless represent a significant portion of the problem. In addition, retail breaches, along with banker breaches, are some of the most memorable. You can probably remember Target’s 2013 data breach with ease, but might struggle to remember the name of the last hotel who had a breach, even though hotels account for 11% of data breaches and carry much the same sorts of data.
Fortunately, the proper data destruction is easy and inexpensive. You just need to work with a trustworthy company who will help you identify threats, pick up old threatened electronics, and use the latest technology to wipe those hard drives clean.