[BE] Midmarket CIO Blog

Retail security: Keep an eye on the inside


When Dennis Shockro arrived at Northern Tool & Equipment three years ago, there was no one within the IT organization focused solely on security and compliance.

Dennis Shockro is the VP of Information Technology at Northern Tool & Equipment Company.

The Minnesota-based catalog retailer with bricks-and-mortar locations across the United States sells and distributes everything from power tools and generators to construction equipment and machinery.

“We’ve done a lot as a retailer for our stores and online as far as PCI compliance,” Shockro shared recently. “As a large company, we have to be very stringent…our team had to take a pretty hard look at security and access.”

Regular scans of all the company’s networks help minimize vulnerabilities by identifying dormant users.

Not surprisingly, however, Shockro said phishing campaigns designed by the recently hired Security and Compliance team reveal that internal users often pose the biggest threats.

The simulated lures range from slightly misspelled names of popular retailers offering a free sandwich for lunch to slightly altered URLs that resemble those of an existing vendor, and they quickly give the team visibility into occasional missteps and habitual offenders. Multiple attempts to access a spoof email redirect repeat offenders to mandatory security training.

On deck for the company is the implementation of a Data Loss Prevention solution as it prepares for the busy retail season. With the continuous expansion of Internet retail and eCommerce, Shockro said staying a step ahead of the bad guys is among his sizeable team’s biggest challenges.

“You can’t just assume you’re secure, resting on your laurels that this piece of software is protecting us. What’s next? Is it an appliance? Do you add another level, and what impact could that have on your internal as well as your external customers?”
