Skip to main content
close search
site logo
Dive Brief

Survey: Just 29% of retail employees can identify data security best practices

Published April 25, 2017
By
Contributor

Dive Brief:

  • Just 29% of retail employees can identify best practices in preventing common cyber and data privacy incidents, according to the 2017 Privacy & Security Awareness in Retail Report from MediaPro, which provides security awareness training for retailers and other businesses.

  • The report, based on a survey of 850 retail employees, tested employee knowledge across eight risk areas, including identifying phishing attempts, safe social media use and incident reporting. Based on respondents’ answers, MediaPro assigned them a risk profile of “Risk,” “Novice” or “Hero,” indicating the survey-taker’s privacy and security awareness IQ. Retail employees scored poorly in many key risk areas, with scores not much better than a typical letter grade C in school, while employees in several other industries were graded in the A range.

  • “Simply being PCI compliant is no longer enough for retail companies amid the countless cyber risks they face,” MediaPro Managing Director Steve Conrad said in a press release emailed to Retail Dive. “The research presented here and done by others in the industry demonstrates that retail employees need to know more than PCI best practices to keep sensitive customer data safe.”

Dive Insight:

Yes, these observations about how poorly trained retail employees are to handle common security and data privacy threats and incidents come from a company that would be more than happy to train retail employees how to better handle common security and data privacy threats and incidents. However, many other reports (which Mediapro cites in its report) have identified how big the security threat to retail is becoming, and some sources have suggested that adhering to PCI security standards doesn't necessarily turn your enterprise into Fort Knox.

One of the reports MediaPro quotes is from the Anti-Phishing Working Group, which has said that retail is the most-attacked industry sector. Another report from the Ponemon Institute said retailers face eight cyberattacks per year on average. The problem is real, and that can't be pointed out often enough.

Fortunately, retailers and payment companies are fighting back, trying to protect themselves and their customers by investing in an array of technologies such as EMV, anti-fraud systems (some of which use artificial intelligence) and more recently biometrics, among others.

However, at a fundamental level, retail is a people business, and security investments must be made at that level, too. Hard-working, helpful and positive-thinking retail employees still can provide better, more personal customer experiences than an e-commerce site sometimes can — if they put their minds to it. By the same token, if employees are not properly trained and aware of how to handle security and privacy incidents, their lack of understanding could lead to huge revenue leakage.

Filed Under: Technology

Editors' picks

Company Announcements

View all | Post a press release
Aroma Retail Supports Exponential Ecommerce Growth with Descartes Parcel Shipping Solution
From Descartes Systems Group
November 04, 2024
Nakisa Unveils Next-Generation IWMS Product Portfolio
From Nakisa
November 04, 2024
Yuma.ai Raises $5 Million to Transform E-commerce Customer Support with Advanced AI Agents
From Yuma AI
October 30, 2024
The Tile Shop digitizes and automates store facilities operations with Facilio’s Connected CMMS
From Facilio
October 17, 2024
Editors' picks
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell