Page 70 - Cyber Warnings
P. 70
Office Depot
Allegedly Creative Vulnerability Diagnosis
by Charles Parker, II; InfoSec Architect
Retailers do not have the most pleasant sets of responsibilities. There are pressures from the
staff, management, corporate office, and customers. There may be a mismatch viewed with
what is sold and revenue, in that the goods and services may last for multiple years, while the
revenue from the sale only appears in the first year, and the sales budgets continue to climb.
For instance, a customer may purchase AV with a three year time span now or a Mac Air.
These last multiple years and are not recurring expenses for the consumer, while the expected
increase in revenue has to come from somewhere.
At times, the management may feel the need to work within the grey area of sales to secure the
transaction. This may not be ethical in its entirety. An example of this may be considered in
2008 when Circuit City filed bankruptcy. Up until the end, the store warranties were sold to
consumers without the disclosure of the potential filing.
Post-bankruptcy filing and store closings, the stores were not able to service the products under
their warranty, in comparison to the manufacturer’s warranty. Others have elected to take this a
bit further.
Office Depot’s Allegedly Questionable Practices
The massive base of non-IT consumers provide a very large customer base to target and sell
goods and services to. For the most part, this segment of the economy has much to learn.
The consumers have read a headline regarding a breach, however their IT and InfoSec
knowledge base tends to be rather shallow, naturally with variances per person.
Due to the Office Depot being directly involved with selling computer systems and related
services to this market, the staff members should be acting in a fiduciary capacity. They are the
subject matter expert (SME). If consumer Joe has an issue with his computer, he may simply
unplug the laptop and take the equipment into the local Office Depot for advice.
The systems are scanned by the Office Depot application. Allegedly the Office Depot’s tech
teams then informs these customers there is malware on the customer’s computers when there
is not. Although this generates revenue, it is not exactly prudent..
The staff was allegedly being pressured to sell computer protection plans per a news story by
KIRO in Seattle. This was per a prior employee who was now a whistleblower. This Washington
example however is not isolated.
70 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
