In the early days of the pandemic, many retailers quickly launched e-commerce stores for the first time. Others expanded their offerings, such as adding online ordering with curbside pick-up. Within only a few months, the pandemic accelerated the shift to e-commerce stores by five years. This points to the need for increased retail cybersecurity.

The result is there is now more data — both public and private — stored in the cloud than ever before. However, now that the proverbial dust has settled, store owners should revisit their retail cybersecurity efforts to make sure the processes and technology they put in place really work.

How Retail Cybersecurity Protects Customer Data

Long-term retail success hinges on knowing your customers’ needs today and anticipating their needs tomorrow, both in terms of products and customer experience. However, doing this with an e-commerce store is more challenging than a brick and mortar shop. The key to gaining these critical insights lies in effectively using the data you have to make business decisions. Using customer data to create personalized experiences can multiply return on investment by 5 to 8 times and can increase sales by 10% or more.

Many retailers think of consumer customer data in a single bucket, but this is inaccurate. Because each type of customer data has a different business value and risk factor, businesses need to think of each type separately. In addition, different types of customer data are located in different platforms and server locations. You must know where each type lives to properly secure it. Deloitte has identified the following types of customer data:

  • Account: Personal and transactional data, such as name and address
  • Location: Physical location through mobile phone location, and virtual location through IP address
  • Browsing: Browsing habits, including what, when and where
  • Profile: Data from third parties, such as demographics and social media

How to Face Retail Cybersecurity Challenges

Because of the importance of customer data, retailers must proactively and properly secure all types of customer data. Here are five key retail cybersecurity strategies for how to protect customer data against cyberattacks in the retail industry.

Review the Budget

Securing your data begins with having a specific budget for cybersecurity. Retailers are likely to see an average decrease of 15% in their IT budget due to the impact of the pandemic. However, retailers must advocate to keep their cybersecurity budget intact and robust — or risk losing much more after they’re targeted.

McKinsey recommends businesses take a value-based approach to budget due to the changing nature of business during a pandemic. By focusing on the value of the data to the business, you can more easily advocate for the budget you need to protect the data. Threat modeling — which involves prioritizing threats, estimating their cost to the organization and identifying the protections against the threat — can also be helpful during the budgeting process.

Encrypt Sensitive Data

Data in transit from one location to another, such as from the server to a mobile phone, is open to retail security threats. By using data encryption, the data has extra protection while traveling and can only be unlocked at the endpoint with the decryption key. However, using encryption means carefully walking the line between privacy and ease of use. Many organizations are now turning to homomorphic encryption, which allows calculations on data in its encrypted state.

Evaluate Physical Risks

When you think of retail security threats and data, it’s easy to only consider risks after the data is collected. However, self-scanners and self point-of-sale (POS) systems increase the risk of a surface attack. While POS malware attacks are declining, they are still a risk retailers must actively protect against, especially if cyber criminals eventually figure out how to break through chip and PIN protection.

While directly scanning POS systems and using anti-malware on all terminals is key, retailers should also employ network segmentation to limit any damages from a surface attack breach. If a breach or attack occurs at the POS system, it will be contained to a very small portion of the network that does not intersect with sensitive data. Through cloud-based firewalls, retailers gain both more protection and control over their segmentation. Other protections for kiosks and POS systems include installing all patches right away and changing default passwords.

Educate Employees About Retail Cybersecurity, Too

According to the Ponemon Institute’s 2020 Insider Threat Report, 65% of security incidents are a result of employee negligence, with insider threats growing 38% in the retail industry over the past two years. Passwords are a top culprit, with SecureLink finding that 81% of malicious breaches start with compromised passwords.

With a high number of part-time and seasonal employees, training employees on best practices can be challenging, and must be a constant focus. By including cybersecurity best practices into onboarding for all employees, retailers can improve the education of their staff.

Because response time is crucial in ransomware attacks, retailers should specifically address this type of cyber crime. By teaching employees how to spot an attack in progress and know the right actions to take, you can limit the damage. The contact information of the IT security team should be provided and easy to locate under stress for each employee.

Strengthen Malware Protection

Malware protection is the front line defense against malware. A large retailer was recently attacked by Egregor ransomware, which encrypted network devices and servers. If your sales associates use mobile devices to check out customers or show online options, be sure every device has the latest version of malware protection. Consider limiting how much employees can use their own devices at your retail store to retain control.

Good Retail Cybersecurity is Good for Business

Your customers trust you with their data. And, your success as a retailer depends on maintaining their trust by protecting their data and keeping them coming back. By taking the right steps with your retail cybersecurity protection efforts, you can use the data you collect to improve the customer experience and create loyal customers for your store.

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today