
Protecting Customers' Information: Precautions from Data Breach

Target Corporation started business on February 11, 1902 and is based out of Minneapolis, USA. The company provides daily essentials and fashionable, differentiated merchandise at discounted prices. Presently, the company sells through stores, online and even through mobile devices. It also has urban-format stores named CityTarget and TargetExpress that offer general merchandise and food assortments. According to Hoovers, Target is considered the second-biggest discount chain in the US after Wal-Mart. Presently it operates 1795 stores and also issues a credit card with special discounts on the card. It expanded very aggressively and entered the Canadian market in 2013 with 124 stores, but failed to attract Canadian customers and had to pull out in 2015. Target's mission statement is "Our mission is to make Target the preferred shopping destination for our guests by delivering outstanding value, continuous innovation and an exceptional guest experience by consistently fulfilling our Expect More, Pay Less brand promise." The vision statement of Target is "To support our mission, we are guided by our commitments to great value, the community, diversity and the environment."

In general, it is very important for any organization to protect its customers' data in today's competitive environment. Organizations with huge customer databases are considered to be among the leading business organizations. With customer information, they can observe their customers' buying behavior and predict what customers are going to buy in the near future. If organizations don't protect customers' data, customers won't buy their products even at lower prices, as they are more worried about their information than about the price offered by the retailer.

Proposed Alternatives and review of potential technologies


Every business organization that stores customers' personal information and deals with debit and credit card transactions, regardless of its size and the volume of customer data, can suffer a security breach and fall victim to an eavesdropper. As these organizations deal with important information about their customers, they need to protect that data from being breached. Organizations should follow some best practices for protecting their customers' data. staysafeonline.org, which is powered by the National Cyber Security Alliance, proposes a few best practices, such as:
Keep a clean machine: Organizations must use security software and keep it, along with the operating system, always updated, which defends against viruses, malware and other online threats. Automatic updates should always be on and the machine connected, to defend against risks.
Scan all new devices: Scanning a USB device before attaching it to the network should be considered mandatory.
Use a firewall: A proper firewall should be installed to protect sensitive data and keep criminals out.
The alternatives for protecting customers' information are:
1). Database Encryption: According to wikispaces, one of the major advantages of database encryption is that it separates the security of the data from the security of the device where the data resides or the medium through which the data is transmitted. Data encryption also provides additional strong protection for intellectual property. Decrypting the encrypted data requires the key, which is given only to a particular user or system, so that no third party can access the data or intercept data packets. We can have peace of mind, as database encryption additionally gives the following advantages: identity theft protection, safe decommissioning of computers, unauthorized access protection and compliance with data protection acts.
On the other side, data encryption is a very complex technology, and the management of keys is an additional administrative task that needs more IT staff. It is also important to take care of the security of the encryption keys: if the user loses the key, he might lose the data as well. For an organization, it is expensive to encrypt and decrypt the data, and the resources must be available. One more drawback is that system performance comes down upon deployment of full-disk encryption. Poor encryption will put data at risk and leave it open to attack.

2). Multi-levels of passwords: This method authenticates the user and the data in packets at multiple levels. The password is entered at multiple levels or stages, and at every level the system checks the privileges and access rights available to the user. The different levels can be the organizational level and the departmental level, and from the next level onward the password is the concatenation of the passwords entered for the previous levels. The passwords will be like P1, P1+P2, P1+P2+P3, ..., P1+P2+P3+P4+...+Pn. At any level, unauthorized users (hackers) are terminated immediately. The advantage of multi-level authentication is that it gives the organization more stringent security measures to protect data. Even if an intruder or hacker is aware of one of the passwords, it will not help him much unless he has all the passwords. The inclusion of biometric passwords would be an even bigger security measure for any organization, as it is very difficult to make a replica of a biometric password, and the authentication process becomes impossible to crack.

The major drawback of this methodology is that, at the organizational level, the manager has all the passwords of the subordinate levels. If the manager betrays the organization, it is a huge loss. To overcome this drawback, the password can be split and shared between three managers, so that even if one of them tries to betray the organization, its data is still safe.
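The cumulative scheme (P1, P1+P2, ...) and the three-manager split described above, sketched as an added example that is not code from the original paper. It assumes salted PBKDF2 hashes for storage and an XOR split in which all three shares are needed to rebuild the secret; the paper specifies neither, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this sketch)

def _derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

def enroll(passwords):
    """Store one salted hash per level; level k covers P1+...+Pk."""
    records = []
    for k in range(1, len(passwords) + 1):
        salt = secrets.token_bytes(16)
        records.append((salt, _derive("".join(passwords[:k]), salt)))
    return records

def authenticate(records, entered):
    """Return the highest level reached; stop at the first failed level."""
    level = 0
    for salt, expected in records[:len(entered)]:
        candidate = _derive("".join(entered[:level + 1]), salt)
        if not hmac.compare_digest(candidate, expected):  # constant-time compare
            break  # the session is terminated at this level
        level += 1
    return level

def split_three(secret: bytes):
    """XOR-split a secret so that all three managers are needed to rebuild it."""
    a = secrets.token_bytes(len(secret))
    b = secrets.token_bytes(len(secret))
    c = bytes(x ^ y ^ z for x, y, z in zip(secret, a, b))
    return a, b, c

def combine_three(a: bytes, b: bytes, c: bytes) -> bytes:
    """Rebuild the secret from the three shares."""
    return bytes(x ^ y ^ z for x, y, z in zip(a, b, c))

if __name__ == "__main__":
    # Constructed sample passwords for the organizational, departmental and team levels.
    levels = ["org-P1", "dept-P2", "team-P3"]
    records = enroll(levels)
    print(authenticate(records, levels))
    print(authenticate(records, ["org-P1", "wrong", "team-P3"]))
    shares = split_three(b"top-level-secret")
    print(combine_three(*shares))
```

Because each share on its own is uniformly random, a single manager learns nothing about the top-level secret, but losing any one share makes it unrecoverable.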

3). Malware detection software: The term malware combines the two words "malicious" and "software" and, in simple words, means unwanted software. Malware is characterized by the ability to replicate, propagate, self-execute and corrupt computer systems. There are many malware detection products on the market, classified by the following detection techniques:
Signature-based detection: This method has some limitations, as it can identify only a limited number of emerging threats, for example through generic or extremely broad signatures. Signature-based detection scans file contents and checks them against a dictionary of virus signatures. If any signature found in a file matches one in the dictionary, the anti-malware software immediately takes action and deletes the virus.
Heuristics-based detection: A heuristic-based scan detects new, unknown viruses in the system that have not yet been identified. This type of malware detection software finds unknown viruses through a signature or a string of code. The main advantage is the detection of different viruses based on common characteristics.
Behavioral detection: This type of detection has been researched recently and is based on the analysis of system call dependencies. Previously it took advantage of the processing power; now it is also available on disk drives. The rules for behavioral malware detection recognize file characteristics such as infecting behavior. The current approaches have very basic flaws, as they depend on host-level defenses and, moreover, on static analysis. According to Paul, who researched behavioral malware detection, using the disk processor to improve malware detection is desirable since nearly every system already has a disk processor and it is privy to all disk accesses.
Cloud-based detection: According to John from Black Hills Information Security, cloud-based detection is better because different vendors develop different signatures for a given set of malware. Signatures differ from one vendor to another, so the technique is not unique; it changes from vendor to vendor. The drawback of this approach is that the organization needs a site license for each and every product it plans to implement. This increases the overall cost, and John personally doesn't believe that it is a good solution, as an attacker may build a virus to attack the systems.
Selection and Recommendation:
Among the above-mentioned best practices, I suggest database encryption, that is, encrypting the customers' database so that only the person with the keys can encrypt the database. The following vendors are ranked top in the market for providing database encryption:

Microsoft: They provide encryption capabilities through their Windows BitLocker software, which is built by default into their new client operating systems.
McAfee: They have integrated their encryption software into their central management system but also offer the original encryption software for businesses that have specific requirements.
Symantec: They provide security and storage solutions and offer a data encryption solution for clients and removable devices. File encryption by Symantec is an endpoint encryption platform for small, medium and enterprise-level organizations.
Check Point Software Technologies: They are a leading security vendor and offer both full-disk and removable-media encryption.
SafeNet: It is a security vendor with a large focus on data encryption. SafeNet has a range of solutions, including database security and two-factor authentication. They also have a number of encryption options.
It is very critical to choose an encryption tool carefully, as there are many available on the market and a few are even open source and freely available for download. The vendors mentioned above provide customized data encryption tools as per client requirements. I would suggest McAfee as the best encryption software, keeping in mind economic, operational and technical feasibility for an organization. By using McAfee tools, an organization gets:

Multiple storage and sharing options
Policy-based, scalable encryption
Automatic, always-on encryption
Transparent end-user experience
Granular flexibility
Encrypted document sharing
Removable media encryption
Multiple configurable protections

McAfee's encryption solutions are also available as key components in the following protection suites:

McAfee Complete Data Protection Advanced suite
McAfee Complete Data Protection suite
McAfee Complete Data Protection Essential suite
McAfee Complete Endpoint Protection Business suite

Getting McAfee data protection suites is economically very feasible for organizations, as they have customized options and different suites depending on clients' budgets. McAfee anti-virus software is technically very feasible for home-based PCs, and in the same way it is technically very feasible for servers running different operating systems.

References:

1). http://www.reuters.com/finance/stocks/companyProfile?symbol=TGT
2).
3). http://www.transfirst.com/resources/merchant-basics/data-breach-protection
4). https://www.staysafeonline.org/business-safe-online/protect-your-customers
5). http://www.forbes.com/sites/quickerbettertech/2013/12/31/7-ways-to-protectyourself-against-a-data-breach/
6). http://www.forbes.com/sites/quickerbettertech/2013/12/31/7-ways-to-protectyourself-against-a-data-breach/
7). http://networking116.wikispaces.com/Encryption+Advantages+and+Disadvantages
8). Naik, Tanvi, and Sheetal Koul. "Multi-Dimensional and Multi-Level Authentication Techniques." International Journal of Computer Applications 75.12 (2013): 17-22.
9). Saeed, Imtithal A., et al. "A Survey on Malware and Malware Detection Systems."
analysis 3.10 (2013): 13-17.
10). http://www.easynetlive.info/based-detection.html
11). http://www.pandasecurity.com/usa/homeusers/support/card?Id=7
12). https://en.wikipedia.org/wiki/Malware_research
13). Paul, Nathanael R. Disk-level behavioral malware detection. Diss. University of
Virginia, 2008.
14). http://searchsecurity.techtarget.com/answer/Does-cloud-based-antivirus-providebetter-malware-detection
15). http://searchsecurity.techtarget.com/tip/How-antivirus-software-works-Virusdetection-techniques
16). http://jafsec.com/Encryption/Encryption-A-B.html
17). http://www.mcafee.com/us/resources/solution-briefs/sb-endpoint-encryptionkeeps-data-safe.pdf
18). http://retailindustry.about.com/od/retailbestpractices/ig/Company-MissionStatements/Target-Mission-Statement.htm
