In the early days of the pandemic, many retailers quickly launched e-commerce stores for the first time. Others expanded their offerings, such as adding online ordering with curbside pick-up. Within only a few months, the pandemic accelerated the shift to e-commerce stores by five years. This points to the need for increased retail cybersecurity.
The result is there is now more data — both public and private — stored in the cloud than ever before. However, now that the proverbial dust has settled, store owners should revisit their retail cybersecurity efforts to make sure the processes and technology they put in place really work.
How Retail Cybersecurity Protects Customer Data
Long-term retail success hinges on knowing your customers’ needs today and anticipating their needs tomorrow, both in terms of products and customer experience. However, doing this with an e-commerce store is more challenging than a brick and mortar shop. The key to gaining these critical insights lies in effectively using the data you have to make business decisions. Using customer data to create personalized experiences can multiply return on investment by 5 to 8 times and can increase sales by 10% or more.
Many retailers think of consumer customer data in a single bucket, but this is inaccurate. Because each type of customer data has a different business value and risk factor, businesses need to think of each type separately. In addition, different types of customer data are located in different platforms and server locations. You must know where each type lives to properly secure it. Deloitte has identified the following types of customer data:
- Account: Personal and transactional data, such as name and address
- Location: Physical location through mobile phone location, and virtual location through IP address
- Browsing: Browsing habits, including what, when and where
- Profile: Data from third parties, such as demographics and social media
How to Face Retail Cybersecurity Challenges
Because of the importance of customer data, retailers must proactively and properly secure all types of customer data. Here are five key retail cybersecurity strategies for how to protect customer data against cyberattacks in the retail industry.
Review the Budget
Securing your data begins with having a specific budget for cybersecurity. Retailers are likely to see an average decrease of 15% in their IT budget due to the impact of the pandemic. However, retailers must advocate to keep their cybersecurity budget intact and robust — or risk losing much more after they’re targeted.
McKinsey recommends businesses take a value-based approach to budget due to the changing nature of business during a pandemic. By focusing on the value of the data to the business, you can more easily advocate for the budget you need to protect the data. Threat modeling — which involves prioritizing threats, estimating their cost to the organization and identifying the protections against the threat — can also be helpful during the budgeting process.
Encrypt Sensitive Data
Data in transit from one location to another, such as from the server to a mobile phone, is open to retail security threats. By using data encryption, the data has extra protection while traveling and can only be unlocked at the endpoint with the decryption key. However, using encryption means carefully walking the line between privacy and ease of use. Many organizations are now turning to homomorphic encryption, which allows calculations on data in its encrypted state.
Evaluate Physical Risks
When you think of retail security threats and data, it’s easy to only consider risks after the data is collected. However, self-scanners and self point-of-sale (POS) systems increase the risk of a surface attack. While POS malware attacks are declining, they are still a risk retailers must actively protect against, especially if cyber criminals eventually figure out how to break through chip and PIN protection.
While directly scanning POS systems and using anti-malware on all terminals is key, retailers should also employ network segmentation to limit any damages from a surface attack breach. If a breach or attack occurs at the POS system, it will be contained to a very small portion of the network that does not intersect with sensitive data. Through cloud-based firewalls, retailers gain both more protection and control over their segmentation. Other protections for kiosks and POS systems include installing all patches right away and changing default passwords.
Educate Employees About Retail Cybersecurity, Too
According to the Ponemon Institute’s 2020 Insider Threat Report, 65% of security incidents are a result of employee negligence, with insider threats growing 38% in the retail industry over the past two years. Passwords are a top culprit, with SecureLink finding that 81% of malicious breaches start with compromised passwords.
With a high number of part-time and seasonal employees, training employees on best practices can be challenging, and must be a constant focus. By including cybersecurity best practices into onboarding for all employees, retailers can improve the education of their staff.
Because response time is crucial in ransomware attacks, retailers should specifically address this type of cyber crime. By teaching employees how to spot an attack in progress and know the right actions to take, you can limit the damage. The contact information of the IT security team should be provided and easy to locate under stress for each employee.
Strengthen Malware Protection
Malware protection is the front line defense against malware. A large retailer was recently attacked by Egregor ransomware, which encrypted network devices and servers. If your sales associates use mobile devices to check out customers or show online options, be sure every device has the latest version of malware protection. Consider limiting how much employees can use their own devices at your retail store to retain control.
Good Retail Cybersecurity is Good for Business
Your customers trust you with their data. And, your success as a retailer depends on maintaining their trust by protecting their data and keeping them coming back. By taking the right steps with your retail cybersecurity protection efforts, you can use the data you collect to improve the customer experience and create loyal customers for your store.