The retail industry is a favorite target of cyber attackers. Hackers know a successful attack on a retailer can give them access to the data of thousands or even millions of payment cardholders. Cybercriminals can sell that data for a tidy profit to other criminals on the dark web who use it for fraud, identity theft, and phishing attacks. Cybercrime is big business; it’s projected to cause damages of $6 trillion by 2021 on organizations of all types and sizes.
When it comes to cyber threats, retailers have a lot at stake. They operate on thin margins and have to protect their brands. A breach that compromises the private information of customers can erode trust, prompting many to take their business elsewhere. Nineteen percent of consumers in a KPMG study said they would stop shopping at a retailer following a breach, and 33 percent said they would do so temporarily.
A strong cybersecurity posture, therefore, isn’t optional for retailers. It is an absolute must. Retailers that fail to take proper measures to secure customer data, as well as their own, risk being penalized if a breach is found to have been caused by noncompliance of relevant regulations. For many retailers – especially smaller, independent shops – security is a big challenge because they lack the requisite skills and knowledge, in which case they must seek help from solution providers that can implement security solutions to protect them. A comprehensive retail security strategy (whitepaper) must include the following eight components:
1. POS security
Retailers live and die by their POS systems. Unsecured POS software and hardware such as card readers and receipt printers can cause serious problems
2. e-Commerce protection
Retailers must protect their online storefronts as zealously as they do physical POS stations. As with the POS, PCI regulations apply to online transactions, so retailers must ensure that they have the proper controls in place to protect web shoppers.
3. User authentication
Reliable user authentication policies are critical in two primary ways: to ensure that internal users follow security protocols and to accurately identify customers. Both require strong authentication practices.
4. Endpoint monitoring
In the past, deploying antivirus (AV) software may have been sufficient to protect endpoints, but that is no longer the case. AV typically focuses only on known threats and cannot defend against newly introduced malware strands. This is why businesses need a combination of 24/7 endpoint monitoring and data analytics to defend against all kinds of threats.
5. Email protection
Many cyberattacks originate with phishing emails, and most ransomware infections start with a user clicking an infected URL or attachment. Phishing works because it preys on fear and curiosity by making emails look like they are coming from a legitimate source and persuading users to click on the URL or attachment.
6. Wi-Fi network/communications
Retailers increasingly offer Wi-Fi connections to customers in stores as a convenience – and to capture customer information for marketing purposes. However, Wi-Fi networks open to the public should be separate from those used for business functions such as inventory, HR, and POS.
7. Surveillance systems
In addition to protecting their digital assets, retailers have to secure physical stores to prevent shoplifting, fraud, and employee theft at the POS. Deploying a surveillance system with CCTV or IP-connected cameras not only helps to secure physical spaces but also acts as a crime deterrent.
8. Business continuity
No security strategy is complete without a business continuity plan. If a business suffers a cyberattack or physical operations are interrupted by a natural disaster, a company needs to resume operations as quickly as possible. A data backup and recovery strategy are central to business continuity plans.
Conclusion
Retailers cannot afford to be lax with security, be it in physical spaces, their IT networks, or websites. It can take a long time to recover from a security breach, especially if customers lose trust in the company. Digital theft, data breaches, and security related to new payment methods erode a consumer’s trust in a brand, making security a business essential.
For more information on these eight tips on security see the complete whitepaper on security best practices for retailers.
