Security Breach at TJX Essay

HBR Case Study
Security Breach at TJX
1. What are the (a) people, (b) work process and (c) technology failure points in TJX’s security that require attention?
While it is known that all retailers, large and small, are vulnerable to attacks, several factors including people, work process, and technology require attention so as to prevent another major attack from hitting TJX.
The people associated with the attack who need attention are the top-level executives and, more importantly, the Payment Card Industry Data Security Standard (PCI DSS) auditors. Top-level executives need to understand that IT security is a business issue and not just a technology issue. As seen by the attack, an IT security breach can mean hundreds of
2. How should the company’s IT security be improved and strengthened? What should its short-term priorities and long-term plans be?
Hiring Richel as the Chief Security Officer was one big step towards a better IT security program at TJX; he’s an executive who understands the harsh and costly consequences of a weak IT security system and has plans to implement the strongest system possible.
Short-term priorities include 1) addressing Mary Smith’s letter and taking care of the $5,000 theft, 2) implementing network monitoring, 3) implementing logs, 4) encrypting ALL data and minimizing the time where data goes from ‘scrambled’ to ‘unscrambled’, and 5) updating all components of the system, both hardware and software, to the most modern and secure in the industry.

Long-term priorities should include minimizing risk by making everyone in the company, not just top-level executives, aware of the potential of another massive attack on their system. I think store clerks and managers should be made aware of their respective branch’s IT system (wireless, kiosks, card swipers, etc.) so that they know what an attack looks like when it is happening. More often than not, the invasion is happening right in front of the cashier’s face, yet they have absolutely no idea.