Add Neiman Marcus to the growing list of retailers that have announced information systems breaches over the past few weeks: In a company statement, the Dallas-based department store chain reported compromised servers, a hack that gave outside access to customer payment information. On the heels of Target’s holiday debacle, the news fueled the IT security discussion and elevated consumer angst.
This should be a call to arms for solution providers, vendors and distributors. No business will ever be 100 percent protected against a determined and skilled hacker, but IT channel professionals can help their clients build a solid line of defense that can stop a vast majority of intrusions.
Consumer Confidence Wanes
Last year’s holiday shopping season may end up being quite costly to retailers. In addition to the expected financial hit, the reputational damage may lead to other long-term repercussions for these well-known brands.
Neiman Marcus, for example, only disclosed the breach after a cybersecurity investigator posted a report suggesting the retailer’s customers were experiencing an unusually high number of fraudulent credit card charges. Company officials didn’t confirm the hack until early January, even though they’d known of the breach since at least the middle of December — when its credit card processor informed law enforcement officials. This doesn’t bode well for consumer confidence. On top of that, the luxury goods retailer has yet to reveal the depth and duration of the attack.
Several news reports suggest shoppers are considering a cash-only route when making Target purchases, which could severely limit discretionary buying. For many consumers, those optional items can make up a substantial part of the bill. Neiman Marcus may face a similar challenge depending on how far the news spreads and the ramifications of the breach.
Consumers who experience fraudulent credit card charges or identity theft from the compromised data are sure to be telling their stories for months to come, word-of-mouth that could further erode confidence in current cybersecurity methodologies. That should be a major concern for IT channel companies that protect the online and data protection activities for their clients. The CompTIA Security community members posted some startling statistics and sound advice for solution providers following the Target breach, pointing out that more than 705 million records had already been compromised in 2013.
A Chance for the IT Channel to Shine
While those numbers should alarm anyone who hands their credit card to a store clerk or shares financial or personal information online, it’s also a major opportunity for the IT channel. Channel professions who can help build a solid line of defense for their customers can guard against hackers like those in the Target case, who gained access to credit card information from millions of customers after installing malware on the company’s point-of-sale terminals. While these cybercriminals may use more elaborate intrusion methods than a typical SMB-focused online evildoer, the result can be equally damaging to the effected business.
Skilled and diligent solution providers are also valuable to their clients because end-users often grow complacent with security protocols or simply fail to ensure their systems are up-to-date and operational. In today’s era of untethered offices and bring-your-own-device strategies, organizations have to implement stronger protection measures and hold their employees accountable for following posted procedures. Those who don’t are extremely vulnerable to malware attacks and other malicious threats. They need a trusted adviser; someone who can thoroughly evaluate their security infrastructure and methodologies, with the skills to design and implement improvements if and when needed. They need someone with expertise to lock down wireless and wired networks, computers, smartphones, tablets and any other device that could be used to access company data.
Most often, data protection begins with the weakest link: their clients’ employees. Workers who fail to follow the proper protocols — some as simple as signing off from terminals when they walk away — can severely compromise any system put in place, no matter how elaborate or comprehensive it may be.
Today’s most valued IT professionals can train their customer’s workforce on the ramifications of not following prescribed security procedures, as well as providers who can design more foolproof systems that reduce gaps in their defenses.
Solution providers with the expertise and answers to these security issues can grow business with their existing client base, building trust and solidifying relationships by improving critical aspects of their data protection practices. When VARs and MSPs earn the right to access their customers’ operational strategies and business plans, they can offer more sound advice and design the best systems and support programs to help them accomplish those objectives.
Invest to be the Best
In order to properly support their customers and meet future growth goals, IT channel organizations must invest additional resources to improve network and data security services. They may undertake rigorous technical training or add new vendor offerings to their portfolio. Leveraging the resources offered by CompTIA can improve their skills on the business side of those operations. The association offers a multitude of Channel Training programs and materials around IT security, including Quick Start Guides, live and on-demand courses, and industry-specific research and market intelligence information. Solution providers can also elevate their stature and promote their high-level protection capabilities to clients and new prospects using an esteemed business credential such as the CompTIA IT Security Trustmark or the CompTIA IT Security Trustmark+.
As national and local news outlets continue to hammer away at big businesses for their lapses in data protection, what are solution providers doing to keep their SMB clients from experiencing similar fates? That is a key question every VAR, MSP, vendor and distributor should be asking this year.
Brian Sherman is founder of Tech Success Communications, specializing in editorial content and consulting for the IT channel. His previous roles include chief editor at Business Solutions magazine and senior director of industry alliances with Autotask. Contact Brian at [email protected].