How Retailers Jeopardize Security With Temps
-
How Retailers Jeopardize Security With Temp Workers
Some retailers that do not fully understand security can put their business at risk by improperly vetting and training temporary—and permanent—employees. -
Employees Share Log-in Credentials
Although respondents said they know what employees do when they access corporate systems and data assets, that is not so. 21% of permanent and 61% of temporary floor workers do not have unique log-in credentials for corporate systems. -
Shared Login Credentials Are Hazardous
When employees share accounts, retailers have no visibility as to what each individual does when he or she accesses corporate systems and data assets. -
Temporary Employees' Access to Systems Is Unknown
37% of respondents cannot identify which systems their temporary employees have accessed. 8% cannot say which systems permanent employees have accessed. -
Retailers Don't Know if Sensitive Data Has Been Leaked
26% of respondents don't know whether temporary employees have ever accessed and/or send data they should not have accessed or sent. -
All Workers Create Risk
66% of respondents view permanent workers as somewhat risky. -
Temporary Workers Are Risky
Survey respondents acknowledge that temporary workers are somewhat risky (47%) and fewer view them as high risk (32%). -
Retailers Have False Sense of Confidence
81% of retailers give themselves a rating of 6 or greater when it comes to identifying critical assets to protect, detecting theft or data leakage, and controlling employee access to critical assets. -
Security Awareness Training Is Inadequate
Seven in 10 IT decision-makers believe their retail organizations proactively provide security awareness training to employees. But 80% do so only once or twice a year. -
Factors Accounting for Employee Risk
High turnover in retail industry: 5% change jobs monthly, translating into 60% annually. Holiday rush hiring results in minimal vetting. High turnover and rush to hire seasonal workers results in little employee education, especially regarding security.
Retailers misunderstand what is necessary to keep their businesses truly secure and are cutting security corners without even realizing it, according to a new study. They promote a culture, particularly during the holiday season, that focuses on business essentials—sales, pleasing customers and growing revenues—but not on security essentials, according to Bay Dynamics' survey, "The Pre-Holiday Risk Report." The cyber risk analytics company commissioned Osterman Research to conduct the survey, which polled 125 large retail organizations' CIOs, CISOs and IT managers. All the retailers have at least 2,000 employees and are in the United States. The report says that hastily hired temporary employees are part of the problem; few retail organizations can identify which systems these workers have accessed. "(This) represents the worst possible scenario: these are the employees for whom the IT/security team has the least visibility into their behavior on corporate systems, employees that have the least security awareness training, that have been vetted the least, and that have the least to lose from inadvertent mistakes or malicious activity," the report revealed.