Skip to content

Why Red Team a Policy?

April 26, 2016

So, Target has ruffled a few feathers with a (not new) public policy on how their restrooms and changing rooms are now really outside their responsibility. While it makes for great PR for them (for the moment), the long term implications are less clear. Why? I’m glad you asked!

Target’s Boycott

One of the functions I perform professionally is that of a red teamer. While the term “red team” may give some professionals the equivalent of the “oh crap heebeejeebees” it’s a necessary function in everything we do. In the case of Target, while I could really care a lot less about the bodily excrement functions of my fellow human beings (after all, everybody poops and pees) I do care about a C-level decision that the Target Corporation has deemed such a public necessity, that they just were going to do something about it!

Let me restate my previous opinion, I don’t care how noble the policy sounded in the name of political correctness, or about the inclusivity of customers and employees, all in the simple name of someone needing to use the bathroom (or changing room) which everyone does, (I’ll presume safely) because there have previously been at least some common sense physical controls in place.

It boils back down to the safety of people, no matter what their sexual identity or orientation is.

So, back to the title of the post, and what does red teaming have to do with Target (once again)? Everything! Let’s pick apart the policy and find the weakest spot (that’s what happens in real life by the way). Call it a loophole, a weakness, a vulnerability, whatever you want. Target didn’t try to find those out before going public with it.

Does anybody remember the massive data breach that #Target had not so long ago? How could anyone forget? It was one of the largest data breaches in recent history! The same mindset that thought through their safeguards still prevails within their corporation. The same mindset that actually thought publicly announcing what amounted to “we’re not responsible for anything that may occur, let’s be careful out there” and compromising the safety of both employees and customers.

We’ve always had predatory people out there (of all sexual orientations). Target’s very public (but not well crafted nor vetted) policy now easily enables a familiar attack vector into play (red team speak), that of #SOCIAL-ENGINEERING.

Anybody (as their policy currently implies), can go to any bathroom or changing room of their choice without question, simply by implying that they really identify with whichever sex. Social engineering preys on the trust of another, and predatory people really do look for easy Targets (pun included). It’s made an exploit of their policy easy to accomplish.

Had Target Corporation red teamed this snafu’d boondockle, they probably would have noticed it sounded exclusively superior to everyone else and stopped to think there was probably a better reason than the bottom line. They didn’t, and now there’s folks protesting out in front of their stores for scores of reasons, and some of them downright hateful. Instead, they’ve created a social engineering playground for predatory people. People that may have had an additional physical control to at least mitigate some risks. It’s probably going to take several lawsuits from victims to get that point across.

Local stores really have no fight in this game, it’s a corporate policy. If you were to ask the local store manager how the policy has been implemented and enforces, they’ll refer you to the corporate number. It’s not as if the local manager really has they answers (they don’t really), it’s that the local stores have no say in whether or not they will accept or reject a corporate policy. Locally, the stores are complying out of corporate fear rather than fear of a customer backlash. Until #Target can figure out how to put the genie back in the bottle, put the cap back on the bottle, and address the loophole and vulnerabilities they have created, then I really have a few choices:

  1. Don’t shop there (easy enough, Walmart is next door, or even safer, order from Amazon);
  2. Continue business as usual, and being aware that there’s an additional vulnerability there that I can control if needed; or
  3. Hate fellow human beings for inconveniencing my shopping experience freedom.

Trust me, it’s not number 3. Go pee or poop where you want in a sanitary manner (or identify as a cat like the girl from Norway, and find a really large litter box) just don’t physically threaten someone that’s different that you. If you ARE attacked, then by all means, take the gloves off and defend yourself in whatever means you are able (then let Target still take the heat for not providing a safe shopping experience).

It’s the reverse fallout of baking a cake or making a flower arrangement. It’s our choice to shop elsewhere should we want to.

Corporately, it’s about money and not necessarily about your safety (or perceived safety). From the strictly business side, would you consider Target’s policy to be one of risk management, risk transfer or risk avoidance? If you can’t put in one of the three then the policy really shouldn’t exist in the first place, and causes more problems than solutions.

We’ve all become way too complacent as a society when even common sense doesn’t make sense to many, and that complacency has crossed public safety barriers. At least #TSA gives you a sense of security theater when you travel.

 

 

From → Uncategorized

Comments are closed.

%d bloggers like this: