Home Depot Security Risk Management

Never misuse or use email for personal use. Never share your password with anyone. Sharing business records and or information with anyone outside the office can become a legal matter. All passwords should be changed on a quarterly basis. And the system will prompt you to do so. Always be accountable for your actions, follow the office guidelines when it comes to regular password changes and keep your supervisor\manager in the loop. When everyone has the same understanding, they know what to expect!

Home Depot’s retail strategy is one of reasons for its fast growth and continued leadership in the home improvement retailer industry. Its focus on speed, efficiency, and quality has made it one of the largest retailers in the world. Home Depot focuses on being a leader in “product authority.” Walmart and Costco are leaders

Home Depot is the fastest growing retailer in the U.S. by some accounts. It has a fascinating history of innovation and entrepreneurship. The company had some difficulties in the mid-2000s that some attribute to cultural clashes. However, during this period the company was able to take full advantage of the housing boom. Yet when the bubble burst, Home Depot was forced to claim substantial losses. Despite these loses Home Depot has weathered the storm fairly well and is in prime position to take advantage of an economic recovery; if it ever comes.

The departments of a company that are holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).

Employees can keep the information safe by minimizing screen when people or passing or when leaving the computer. The employee also should not share their password with anyone at anytime.

Home Depot strives to provide the highest quality service to its customers. Home Depot achieves this by hiring professionals such as, carpenters, plumbers, and paint specialists. These experts are invaluable resources for less knowledgeable customers looking for a certain product or working on a new project. The Home Depot staff can help customers pick out larger and more difficult items such as showers, vinyl siding, carpet, appliances, and plumbing. After the purchase, Home Depot will have the items delivered and installed in the customer’s home. Home Depot’s focus on “product authority” is one of the main and drivers for the company’s high quality service.

The first of these threats is Social Engineering. Social Engineering according to Social-Engineer.org (2013), is “the act of influencing a person to accomplish goals that may or may not be in the ‘target’s’ best interest. This may include obtaining information, gaining access, or getting the target to take certain action.” The employees themselves are the area of the system affected by this threat. Social Engineering exploits their naivety. General lack of experience in recognizing this type of attack is a major reason for its success. Education on what Social Engineering is and how to recognize attacks coupled with company policies written, put into place, and enforced to prevent individuals from divulging or even having access to certain information no matter the scenario is the recommended course of action.

The Home Depot and Target have been one of the many retail establishments cyber attack breaches that have being targeted by cyber attackers. The Home Depot was the target of a cyberattack payment card system breach where their credit card information was basically stolen on September of 2014. The attacked occurred by attackers gaining third party credentials in order to gain access to the system, after they gained access to the system they weakened the system gaining their own access privileges. After doing all the mentioned above, malware was installed quickly on Home Depot’s self-check-out system. All these steps where taking by the cyber attackers resulting in the loss of more than fifty million credit card accounts and email addresses.

Home depot was the target of a cyberattack on their information system infrastructure that lasted from April of 2014 to September of 2014. As a result of the attack and following data breach, 56 million credit-card accounts and 53 million email addresses were stolen. (“Home Depot Hackers Exposed 53 Million Email Addresses”) The cyberattack involved several steps. First, the attackers gained third party credentials allowing them into the system. Next they exploited an unknown weakness in the system that allowed for the attackers to elevate their own access privileges. Finally, they installed malware on Home Depot’s self-checkout systems in the U.S. and Canada, allowing

The attack on Home Depot in 2014 happened from hackers that retrieved stolen vendor login credentials which allowed access to home depot’s system. the hackers then install malware on home depot’s payment system, which helped the hackers steal the credit

While all of these technologies have enabled exciting changes and opportunities for businesses, they have also created a unique set of challenges for business managers. Chief among all concerns about technology is the issue of information security. It seems to be almost a weekly occurrence to see a news article about yet another breach of security and loss of sensitive data. Many people will remember high profile data breaches from companies such as T.J Maxx, Boston Market, Sports Authority, and OfficeMax. In the case of T.J. Maxx, a data breach resulted in the loss of more than 45 million credit and debit card numbers. In many of these incidents, the root cause is a lack of adequate security practices within the company. The same technologies that enable managers can also be used against them. Because of this, businesses must take appropriate steps to ensure their data remains secure and their communications remain

As an example I would like to describe my experience working at a relatively small fruit import company. The management of this firm gets information, makes orders, and carries almost all negotiations via the e-mail. "To minimize the risk of any disclosure or loss of confidential data, it is important to understand where the risks are, and implement office management practices and appropriate technology to ensure all of your data remains confidential and secure," advises article IDS: Classification (2002, December4). The potential loss or disclosure of information could occur through various ways: vulnerabilities of operation systems (mostly Microsoft products), vulnerabilities of e-mail software, viruses and malicious software, and weak passwords. It is relatively easy to protect electronic information in this case, but it does take some time and effort, which could be difficult for managers, who do not have an expertise in computers.

Finally the company should update the employees with the security policies and procedures to prevent the attacks.

Implement a security training program for IT employees and any employee manipulating customer sensitive data

a significant amount of data security breaches are due to either employee oversight or poor business process. This presents a challenge for businesses as the solution to these problems will be far greater than simply deploying a secure content management system. Business processes will need to be examined, and probably re-engineered; personnel will need to be retrained, and a cultural change may be required within the organization. These alone are significant challenges for a business. A recent example of what is probably unintentional featured an Australian employment agency’s web site publishing “Confidential data including names, email addresses and passwords of clients” from its database on the public web site. An additional