In the early days of the pandemic, many retailers quickly launched e-commerce stores for the first time. Others expanded their offerings, such as adding online ordering with curbside pick-up. Within only a few months, the pandemic accelerated the shift to e-commerce stores by five years. This points to the need for increased retail cybersecurity.

As a result, more data, both public and private, is now stored in the cloud than ever before. Now that the proverbial dust has settled, store owners should revisit their retail cybersecurity efforts to make sure the processes and technology they put in place really work.

How Retail Cybersecurity Protects Customer Data

Long-term retail success hinges on knowing your customers’ needs today and anticipating their needs tomorrow, both in terms of products and customer experience. However, doing this with an e-commerce store is more challenging than a brick and mortar shop. The key to gaining these critical insights lies in effectively using the data you have to make business decisions. Using customer data to create personalized experiences can multiply return on investment by 5 to 8 times and can increase sales by 10% or more.

Many retailers think of customer data as a single bucket, but this is inaccurate. Because each type of customer data has a different business value and risk factor, businesses need to think of each type separately. In addition, different types of customer data reside on different platforms and in different server locations. You must know where each type lives to properly secure it. Deloitte has identified the following types of customer data:

  • Account: Personal and transactional data, such as name and address
  • Location: Physical location through mobile phone location, and virtual location through IP address
  • Browsing: Browsing habits, including what, when and where
  • Profile: Data from third parties, such as demographics and social media

How to Face Retail Cybersecurity Challenges

Because of the importance of customer data, retailers must proactively and properly secure all types of customer data. Here are five key retail cybersecurity strategies for how to protect customer data against cyberattacks in the retail industry.

Review the Budget

Securing your data begins with having a specific budget for cybersecurity. Retailers are likely to see an average decrease of 15% in their IT budget due to the impact of the pandemic. However, retailers must advocate to keep their cybersecurity budget intact and robust — or risk losing much more after they’re targeted.

McKinsey recommends that businesses take a value-based approach to budgeting due to the changing nature of business during a pandemic. By focusing on the value of the data to the business, you can more easily advocate for the budget you need to protect the data. Threat modeling, which involves prioritizing threats, estimating their cost to the organization and identifying the protections against each threat, can also be helpful during the budgeting process.

Encrypt Sensitive Data

Data in transit from one location to another, such as from the server to a mobile phone, is open to retail security threats. By using data encryption, the data has extra protection while traveling and can only be unlocked at the endpoint with the decryption key. However, using encryption means carefully walking the line between privacy and ease of use. Many organizations are now turning to homomorphic encryption, which allows calculations on data in its encrypted state.
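The property described above (computing on data while it stays encrypted), shown as an added example that is not part of the original article. It uses a toy Paillier scheme, one additively homomorphic cryptosystem chosen here for illustration; the function names, fixed demo primes and order amounts are constructed, and the key size is far too small for production use.

```python
# Added illustration: toy Paillier cryptosystem (additively homomorphic).
# A party holding only ciphertexts can add order totals without seeing them.
import math
import secrets

P = 2**31 - 1   # demo prime (constructed key material, NOT secure)
Q = 2**61 - 1   # demo prime (constructed key material, NOT secure)

def keygen(p=P, q=Q):
    """Return (public modulus n, private key (lam, mu)) with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # inverse of L(g^lam mod n^2), which equals lam mod n
    return n, (lam, mu)

def encrypt(n, m):
    """Encrypt integer m (0 <= m < n) under public key n with fresh randomness."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # g^m = (1 + n)^m = 1 + m*n (mod n^2)
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    """Recover the plaintext: L(c^lam mod n^2) * mu mod n, with L(x) = (x-1)//n."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def add_encrypted(n, c1, c2):
    """Multiplying ciphertexts adds the underlying plaintexts."""
    return c1 * c2 % (n * n)

def total_spend(order_cents):
    """Sum order amounts while they remain encrypted; decrypt only the total."""
    n, priv = keygen()
    ciphertexts = [encrypt(n, v) for v in order_cents]
    enc_total = ciphertexts[0]
    for c in ciphertexts[1:]:
        enc_total = add_encrypted(n, enc_total, c)
    return decrypt(n, priv, enc_total)

if __name__ == "__main__":
    print(total_spend([1999, 4550, 1275]))  # constructed sample orders, in cents
```

Only the holder of the private key can read the total; the party doing the addition needs just the public modulus and the ciphertexts.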

Evaluate Physical Risks

When you think of retail security threats and data, it’s easy to only consider risks after the data is collected. However, self-scanners and self-service point-of-sale (POS) systems increase the attack surface. While POS malware attacks are declining, they are still a risk retailers must actively protect against, especially if cyber criminals eventually figure out how to break through chip and PIN protection.

While directly scanning POS systems and using anti-malware on all terminals is key, retailers should also employ network segmentation to limit the damage from a breach. If a breach or attack occurs at the POS system, it will be contained to a very small portion of the network that does not intersect with sensitive data. Through cloud-based firewalls, retailers gain both more protection and control over their segmentation. Other protections for kiosks and POS systems include installing all patches right away and changing default passwords.

Educate Employees About Retail Cybersecurity, Too

According to the Ponemon Institute’s 2020 Insider Threat Report, 65% of security incidents are a result of employee negligence, with insider threats growing 38% in the retail industry over the past two years. Passwords are a top culprit, with SecureLink finding that 81% of malicious breaches start with compromised passwords.

With a high number of part-time and seasonal employees, training employees on best practices can be challenging and must be a constant focus. By building cybersecurity best practices into onboarding for all employees, retailers can improve the education of their staff.

Because response time is crucial in ransomware attacks, retailers should specifically address this type of cyber crime. By teaching employees how to spot an attack in progress and know the right actions to take, you can limit the damage. Give every employee the IT security team’s contact information, and make sure it is easy to locate under stress.

Strengthen Malware Protection

Malware protection is the front line defense against malware. A large retailer was recently attacked by Egregor ransomware, which encrypted network devices and servers. If your sales associates use mobile devices to check out customers or show online options, be sure every device has the latest version of malware protection. Consider limiting how much employees can use their own devices at your retail store to retain control.

Good Retail Cybersecurity is Good for Business

Your customers trust you with their data, and your success as a retailer depends on maintaining their trust by protecting their data and keeping them coming back. By taking the right steps with your retail cybersecurity protection efforts, you can use the data you collect to improve the customer experience and create loyal customers for your store.
