Light Dark
March 15, 2021 By Jennifer Gregory 4 min read
Data Protection
Retail
Security Services

In the early days of the pandemic, many retailers quickly launched e-commerce stores for the first time. Others expanded their offerings, such as adding online ordering with curbside pick-up. Within only a few months, the pandemic accelerated the shift to e-commerce stores by five years. This points to the need for increased retail cybersecurity.

The result is there is now more data — both public and private — stored in the cloud than ever before. However, now that the proverbial dust has settled, store owners should revisit their retail cybersecurity efforts to make sure the processes and technology they put in place really work.

How Retail Cybersecurity Protects Customer Data

Long-term retail success hinges on knowing your customers’ needs today and anticipating their needs tomorrow, both in terms of products and customer experience. However, doing this with an e-commerce store is more challenging than a brick and mortar shop. The key to gaining these critical insights lies in effectively using the data you have to make business decisions. Using customer data to create personalized experiences can multiply return on investment by 5 to 8 times and can increase sales by 10% or more.

Many retailers think of consumer customer data in a single bucket, but this is inaccurate. Because each type of customer data has a different business value and risk factor, businesses need to think of each type separately. In addition, different types of customer data are located in different platforms and server locations. You must know where each type lives to properly secure it. Deloitte has identified the following types of customer data:

  • Account: Personal and transactional data, such as name and address
  • Location: Physical location through mobile phone location, and virtual location through IP address
  • Browsing: Browsing habits, including what, when and where
  • Profile: Data from third parties, such as demographics and social media

How to Face Retail Cybersecurity Challenges

Because of the importance of customer data, retailers must proactively and properly secure all types of customer data. Here are five key retail cybersecurity strategies for how to protect customer data against cyberattacks in the retail industry.

Review the Budget

Securing your data begins with having a specific budget for cybersecurity. Retailers are likely to see an average decrease of 15% in their IT budget due to the impact of the pandemic. However, retailers must advocate to keep their cybersecurity budget intact and robust — or risk losing much more after they’re targeted.

McKinsey recommends businesses take a value-based approach to budget due to the changing nature of business during a pandemic. By focusing on the value of the data to the business, you can more easily advocate for the budget you need to protect the data. Threat modeling — which involves prioritizing threats, estimating their cost to the organization and identifying the protections against the threat — can also be helpful during the budgeting process.

Encrypt Sensitive Data

Data in transit from one location to another, such as from the server to a mobile phone, is open to retail security threats. By using data encryption, the data has extra protection while traveling and can only be unlocked at the endpoint with the decryption key. However, using encryption means carefully walking the line between privacy and ease of use. Many organizations are now turning to homomorphic encryption, which allows calculations on data in its encrypted state.

Evaluate Physical Risks

When you think of retail security threats and data, it’s easy to only consider risks after the data is collected. However, self-scanners and self point-of-sale (POS) systems increase the risk of a surface attack. While POS malware attacks are declining, they are still a risk retailers must actively protect against, especially if cyber criminals eventually figure out how to break through chip and PIN protection.

While directly scanning POS systems and using anti-malware on all terminals is key, retailers should also employ network segmentation to limit any damages from a surface attack breach. If a breach or attack occurs at the POS system, it will be contained to a very small portion of the network that does not intersect with sensitive data. Through cloud-based firewalls, retailers gain both more protection and control over their segmentation. Other protections for kiosks and POS systems include installing all patches right away and changing default passwords.

Educate Employees About Retail Cybersecurity, Too

According to the Ponemon Institute’s 2020 Insider Threat Report, 65% of security incidents are a result of employee negligence, with insider threats growing 38% in the retail industry over the past two years. Passwords are a top culprit, with SecureLink finding that 81% of malicious breaches start with compromised passwords.

With a high number of part-time and seasonal employees, training employees on best practices can be challenging, and must be a constant focus. By including cybersecurity best practices into onboarding for all employees, retailers can improve the education of their staff.

Because response time is crucial in ransomware attacks, retailers should specifically address this type of cyber crime. By teaching employees how to spot an attack in progress and know the right actions to take, you can limit the damage. The contact information of the IT security team should be provided and easy to locate under stress for each employee.

Strengthen Malware Protection

Malware protection is the front line defense against malware. A large retailer was recently attacked by Egregor ransomware, which encrypted network devices and servers. If your sales associates use mobile devices to check out customers or show online options, be sure every device has the latest version of malware protection. Consider limiting how much employees can use their own devices at your retail store to retain control.

Good Retail Cybersecurity is Good for Business

Your customers trust you with their data. And, your success as a retailer depends on maintaining their trust by protecting their data and keeping them coming back. By taking the right steps with your retail cybersecurity protection efforts, you can use the data you collect to improve the customer experience and create loyal customers for your store.

 |  |  |  |  |  |  |  | 
Jennifer Gregory
Cybersecurity Writer

More from Data Protection
November 8, 2023

Data security tools make data loss prevention more efficient

3 min read - As businesses navigate the complexities of modern-day cybersecurity initiatives, data loss prevention (DLP) software is the frontline defense against potential data breaches and exfiltration. DLP solutions allow organizations to detect, react to and prevent data leakage or misuse of sensitive information that can lead to catastrophic consequences. However, while DLP solutions play a critical role in cybersecurity, their effectiveness significantly improves when integrated with the right tools and infrastructure. Key limitations of DLP solutions (and how to overcome them) DLP…

November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature