Cyber security is not just an IT problem. It is a multi-faceted task that requires a wide-ranging business approach to its management. It is impossible to achieve total security from cyber attacks. Rather, best practice is a risk-based approach that uses an extensive plan for intentionally avoiding, mitigating, accepting or transferring cyber attack risks. To identify and address risks to communications networks and facilities, businesses need to create and maintain a suitable governance and risk management framework.
The first step for a panel or management committee is to determine who should be engaged in developing a cyber security program within the business.
Key initial steps include identifying known risks and the controls already established. A best practice is to set up a cross-organizational top management board that brings together a full range of business expertise and skills. IT and corporate security should be included, as well as business owners.
An insider threat is described as a current or former employee, contractor or other company associate who has or had permitted access to the network, system or data of an organization and who has deliberately exceeded or misused that access in a way that has adversely impacted confidentiality, integrity or availability.
Some of the risks presented by insider threats are described below.
Undesired disclosure of confidential customer and account information, a risk to the most valuable relationships of an organization.
Employees who move to a rival or start a company and steal client lists, intending to gain a competitive advantage for themselves.
Employees who feel they own the intellectual property they helped develop and who, as a consequence, take that intellectual property with them when they leave the organization.
It is important to decide on the hiring process, steps, and communication channels to be used by all those involved in the recruiting decision. The plan should contain a timeline, a recruiting plan, initial candidate screening requirements, the review committee, interview questions and records.
Home Depot confirmed in September 2014 that as early as April 2014, nearly 2,200 U.S. and Canadian stores and their “in-store” credit and debit card handling systems were the targets of a cybersecurity breach that had impacted countless U.S. dealers. Customer transaction data was allegedly siphoned off by the perpetrators and circulated via nefarious channels. Home Depot reportedly became aware of the August breach after banks and law enforcement authorities notified it of a possible breach. The 2014 incident, which represents the biggest point-of-sale heist ever and the largest compromise of credit cards, affected 56 million customers. Banks that file valid claims now receive $2 per compromised credit card without proving their losses, even if they have obtained compensation from another provider. According to the settlement documents, those who can demonstrate their losses can receive up to 60% of their uncompensated expenses with additional documentation of damages.
Canada Provincial Class Action Lawsuit
An Ontario court approved a complaint in a class-action lawsuit against Home Depot of Canada, Inc. and its corporate parent resulting from a 2014 data breach that impacted its payment card system. As part of the settlement agreement in Canada, Home Depot has agreed, among other things, to create a $250,000 “non-reversion grant” for Canadians whose credit card information or email addresses were compromised during the data breach.
In Saskatchewan, the proposed class initially included “individuals in Canada who have experienced damages, inconvenience, economic loss, emotional distress or other losses as a consequence of a privacy breach, who are and have been, at all material times, holders or otherwise beneficially permitted to handle certain confidential information, both personal and financial.” While the overall cost of a retail data breach is around $179 million, that assessment does not include all of Home Depot’s legal fees, nor does it include unspecified penalties. The final cost of the retail data breach will be much bigger. It is already surpassing the $500 million mark.