The security problem did not start in July 2005 with the first intruder; this was the hole that did not get filled in time. Early detection of the virus could have prevented widespread infection, but either carelessness or ignorance kept the company from looking. The first major concern is that early detection was not an option or the data that was collected was unused. Next the Customer data was kept in a fashion that could be compromised, either unencrypted or access control was inadequate. This shows a deep level of technological inadequacy by the company, the working technology knowledge of the business owners was too low to avoid risky practices. Older technology made it easier to break, cost saving approaches to technology and use were
…show more content…
The most obvious option would be to train every employee and manager about the best security practices and ensure compliance with protocols throughout the organization. This however would do very little without good security policy and guidelines. Hiring or contracting security consultants would be the best way to ensure that the best industry standards are being set, and then an informed managerial staff could reasonably follow and create good security strategies. Another possible avenue for improvement would be to remove many of the older technologies that are more risky. While this may make the employee’s life’s more difficult or tedious as well as being costly, the customer’s data and trust are at stake. Keeping updated and secure databases should be a cost considered when describing the benefits it provides. Short of removing all technology from the business, there is no way to avoid the cost of keeping data secure from hackers. A centralized approach to the problem might be another way to solve the problem. Instead of housing data at each store, datacenters with strict policy, guidelines, and procedures. This would eliminate the need for storeowners to have to worry about most of the security concerns and the focused area could ensure that each store is meeting all requirements and …show more content…
When each member of the organization is accountable for the data they oversee the workers are very likely to start asking the right security questions. The top down approach is effective in some large companies, but is inappropriate for TJX, the scale of the company’s business requires that all levels of the company be wary and cautious of all possible threats. The bottom up approach in an informed system can isolate potential holes in the system, and then the proper management can allocate appropriate resources to the problem. Having every employee involved also ensures that the high level goals of the organization are not undone by the carelessness of an entry level associate. The training is costly in terms of money and time, and making people care about security has been a problem in business for as long as there has been business. In the information age this is no longer an acceptable attitude; every employee is liable because every employee has the capacity and resources to do terrible harm to not just customers but the
The most obvious option would be to train every employee and manager about the best security practices and ensure compliance with protocols throughout the organization. This however would do very little without good security policy and guidelines. Hiring or contracting security consultants would be the best way to ensure that the best industry standards are being set, and then an informed managerial staff could reasonably follow and create good security strategies. Another possible avenue for improvement would be to remove many of the older technologies that are more risky. While this may make the employee’s life’s more difficult or tedious as well as being costly, the customer’s data and trust are at stake. Keeping updated and secure databases should be a cost considered when describing the benefits it provides. Short of removing all technology from the business, there is no way to avoid the cost of keeping data secure from hackers. A centralized approach to the problem might be another way to solve the problem. Instead of housing data at each store, datacenters with strict policy, guidelines, and procedures. This would eliminate the need for storeowners to have to worry about most of the security concerns and the focused area could ensure that each store is meeting all requirements and …show more content…
When each member of the organization is accountable for the data they oversee the workers are very likely to start asking the right security questions. The top down approach is effective in some large companies, but is inappropriate for TJX, the scale of the company’s business requires that all levels of the company be wary and cautious of all possible threats. The bottom up approach in an informed system can isolate potential holes in the system, and then the proper management can allocate appropriate resources to the problem. Having every employee involved also ensures that the high level goals of the organization are not undone by the carelessness of an entry level associate. The training is costly in terms of money and time, and making people care about security has been a problem in business for as long as there has been business. In the information age this is no longer an acceptable attitude; every employee is liable because every employee has the capacity and resources to do terrible harm to not just customers but the