What can the plight of Target teach us about risk management?
By now the whole world knows that Target’s data security breach has cost its CEO, Gregg Steinhafel, his job. The story contains lessons to be drawn about risk management.
Target is looking for a fresh face to run its operations after hackers stole credit and debit card information from the company’s database. Since that time, the company’s stock price, sales, and profit have all declined.
After Steinhafel’s resignation, CFO John Mulligan has been tapped to fill in as interim CEO. He will serve in that role until a permanent replacement has been selected.
“The last several months have tested Target in unprecedented ways,” Steinhafel wrote in a letter to the board of directors. “From the beginning, I have been committed to ensuring Target emerges from the data breach a better company, more focused than ever on delivering for our guests.”
Steinhafel wasn’t the only executive to leave the company after the data breach. The company’s Chief Information Officer, Beth Jacob, resigned as well.
Target has since named Bob DeRodes, an IT veteran, as its new CIO. As of this writing, the company continues its search for a new information security officer and a compliance officer.
Did Target take information security risks seriously?
What lessons can be gleaned from the plight of Target? First, always use state-of-the-art information security technology. This is an area where you, as a small-to-medium sized business (SMB) owner, might not have a great deal of expertise. If that’s the case, then be sure that you outsource your information security to a company with an outstanding reputation in that field.
Next, if it can happen to Target, it can happen to you. Target is a company with a market capitalization of close to $40 billion. That company had money to throw around at problems like information security. Still, it fell victim to hackers. That means that SMB’s, with far less cash on hand, are subject to data security breaches as well. Be vigilant.
Finally, we can learn that data security exposures are financial exposures. It was credit and debit card information that was stolen. Obviously, that information can be used to jeopardize the credit of those people who owned the cards. They can, in turn, sue Target for the drop in their credit score.
As a business owner, you can learn from the experience of Target and avoid falling into the same trap. Be sure that your information security is robust and that you’re always wary of outstanding threats.