A retailer’s guide to cyber security

In recent times, mobile smart devices and cloud-based platforms have been the predominant sources of new security challenges and have received the majority of attention from businesses.

Their proliferation has rapidly produced ‘perfect storm’ conditions, with the traditional security models and practices in place unable to keep pace with emerging threats.

Added to this, the importance and amount of data retailers transmit within an omnichannel operational landscape make the security challenge greater.


Last year, 38% more security incidents were reported than in 2014, but the increase in the retail sector was an enormous 154%. Here are the main security threats that retailers should address.

1. Making BYOD policies smart

The benefits and risks of bring your own device (BYOD) at work are largely known. Data leakage and control of intellectual property are at the top of the risk list, as users can easily forget that their devices are being used for company purposes.

For example, someone who leaves the business could take confidential information away with them on their personal device (intentionally or not).

Devices holding data or authentication credentials can be lost or stolen, malware could be inadvertently brought into corporate systems via the device, and confidential information could be copied onto the device, jeopardising regulatory compliance.

2. Securing customer and employee data privacy in a cloud environment

Cloud-based technologies can provide retailers with the powerful and agile content and commerce capabilities to deliver the best end-user experiences.

Retailers need to balance the level of importance of the data held, where it comes from, how it is hosted, and who it goes to (including all interactions with internal operations, partners, suppliers and so on), with the level of their security response.

3. The speed of regulatory developments

It’s already happening, but regulators around the world will impose more controls and penalties against organisations in three key areas: privacy for the consumer, protection of personally identifiable information (PII), and the right to erasure.

Fines, sanctions and reputational damage are all of the highest concern if regulations are not monitored, internal awareness is not kept up to date, and the rules are not strictly adhered to. The new EU General Data Protection Regulation is an example of the tightening of these controls.

4. Managing fraud in an omnichannel environment

Retail fraud in the bricks and mortar environment is well understood and most organisations have dedicated solutions for this. However, in an omnichannel environment, with sales being taken in one channel and fulfilment being handled by another, the retailer could easily become a target for exploitation without a complete understanding of the processes involved.

Retailers also have to address and prepare for potential issues linked with non-monetary fraud. This could range from the simple sharing of loyalty discount codes to the exploitation of voucher schemes such as Wowcher.

5. The new kid on the block: Internet of Things

Whilst threats to PCs, servers and networked devices are wrapped up in a mature security model, there are a multitude of unknown or poorly understood threats that the Internet of Things (IoT) brings.

Examples of networked appliances and devices in the retail environment include monitored freezer and chiller cabinets, distribution centre drones, smart garment tag scanners, and footfall counters.

All these technologies are ‘endpoints’ in a system, and are exposed to malware threats in the same way that traditional endpoints have always been. Retailers need to understand these potential threats and develop strategies to limit the impact on their core production systems and data.

6. With reputation, actions speak louder than words

It’s not just customers that could be affected if security is breached, but suppliers and partners too. After a serious attack takes place and becomes public, the perception by media and social media of the organisation and partners can nosedive within minutes.

Cyber attackers are more organised, deploying ever more sophisticated and dangerous threats to the information held by a retailer. And in today’s world, these threats are virtually impossible to contain before anyone hears about them.

Taking years to gain and seconds to lose, reputation is intangible but should be taken as seriously as the ‘physical’ risks in this list. As Henry Ford said: “You can’t build a reputation on what you are going to do.”

So what recommendations can be made in order for retailers to improve their security practices and infrastructure?


Organisations should set in place the right, sustainable frameworks for data governance and security, crisis management procedures and IT architecture, which all combine to achieve a successful security ecosystem.

They should also secure the payment technologies available to consumers through every channel and across every location, country or region, and implement analytics-based security tools for incoming data and each network connection, including those of suppliers, contractors and vendors.

Examining and tightening measures in these areas will result in a holistic and comprehensive security model, ensuring the business is well-equipped to make smart decisions about the threats that will always be present and the investment needed to tackle them.


Sourced from Daren Ward, partner, and Wayne Cook, senior consultant, Retail Reply

Ben Rossi
