Tjx Companies
TJX Companies
List and describe the security controls in place. Where are the weaknesses?
TJX companies had very little security measures in place, and even the ones they had were mostly outdated. The company was using a Wired Equivalent Privacy (WEP) network encryption system. By today’s standards, and even at the time of intrusion, it is a fairly insecure system and is considered easy to hack into. Wi-Fi Protected Access (WPA), a more complex encryption system, was already available at the time of breach but the company did not upgrade to this more secure system. The wireless network they were using also did not have firewalls on many computers nor did they install any additional security software. Proprietary information, such as credit card data, was stored on the system for an extended period of time, and was not encrypted when it was sent.
What tools and technologies could have been used to fix the weaknesses?
TJX companies needed quite a few enhancements into their security setup. The first change that could have been made was updating the Wi-Fi network security. Using the WPA encryption system should have been a priority upgrade considering the weak security alternatives. In addition to that encryption, a firewall could have been active on every computer. Most computers have firewalls for their internet browsing, but an additional firewall could protect an area of the company’s network, such as credit card information. Another important tool is updated anti-virus software. Anti-virus software only protects against known viruses so it important to keep the software updated. Credit card data should always be encrypted, especially when being sent to another party (on the off chance it is intercepted). Security systems should be tested frequently and checked for errors or flaws in the system.
What was the business effect of TJX’s data loss on TJX, consumers, and banks?
Reputation is one of the hardest hits that these companies take. Once you
List and describe the security controls in place. Where are the weaknesses?
TJX companies had very little security measures in place, and even the ones they had were mostly outdated. The company was using a Wired Equivalent Privacy (WEP) network encryption system. By today’s standards, and even at the time of intrusion, it is a fairly insecure system and is considered easy to hack into. Wi-Fi Protected Access (WPA), a more complex encryption system, was already available at the time of breach but the company did not upgrade to this more secure system. The wireless network they were using also did not have firewalls on many computers nor did they install any additional security software. Proprietary information, such as credit card data, was stored on the system for an extended period of time, and was not encrypted when it was sent.
What tools and technologies could have been used to fix the weaknesses?
TJX companies needed quite a few enhancements into their security setup. The first change that could have been made was updating the Wi-Fi network security. Using the WPA encryption system should have been a priority upgrade considering the weak security alternatives. In addition to that encryption, a firewall could have been active on every computer. Most computers have firewalls for their internet browsing, but an additional firewall could protect an area of the company’s network, such as credit card information. Another important tool is updated anti-virus software. Anti-virus software only protects against known viruses so it important to keep the software updated. Credit card data should always be encrypted, especially when being sent to another party (on the off chance it is intercepted). Security systems should be tested frequently and checked for errors or flaws in the system.
What was the business effect of TJX’s data loss on TJX, consumers, and banks?
Reputation is one of the hardest hits that these companies take. Once you
References: Laudon K., L. C. (2001). Essentials of M.I.S. (9 ed., p. 243 & 421). Boston, MA: Prentice Hall.