Cybercriminals are targeting retailers, and businesses must be thoroughly prepared to defend against these attacks.
According to a 2019 survey conducted by BDO, CFOs viewed data privacy as a factor determining future business growth and their most significant regulatory concern.
The expansion of retail leads to a surge in customer data volume, making it an attractive target for cyber attacks. Protecting sensitive data, therefore, becomes a critical task for companies of all sizes.
Data collection is increasing, and so are the risks
Companies increasingly rely on data collection to improve their service quality. The information is a vital input for understanding their customers better, especially as online shopping grows in popularity.
For example, a retail company can create touchpoints with highly individualized product recommendations for a specific buyer by using AI-enabled interactive systems to process inputs such as facial recognition, location tracking, or voice tone.
Simultaneously, under the expanding impact of digital marketing, online shopping, and loyalty schemes, shoppers are willing to share more personal information with retailers than ever. Deloitte forecasts that the amount of customer data accumulated from all touchpoints will climb exponentially from 33 zettabytes (ZB) in 2018 to 175 ZB in 2025*.
This unprecedented growth has made the protection of data privacy a key priority for retailers. In 2019, the retail industry saw more breaches than any other sector.
One report by PwC pointed out that cyber-attacks on retailers increase by 30% per year. Meanwhile, in their report titled “Cyber(attack) Monday: Hackers Target the Retail Industry as E-Commerce Thrives,” IntSights found that cybercrime costs retailers about $30 billion each year.
To retailers: time to be cautious and thorough!
As criminals use advanced methods to attack stores of sensitive data, retailers should be proactive with their cybersecurity strategy. It’s better to assume the risk of a breached system is always present. According to Brian Dunphy, their approach should comprise:
- A Written Information Security Program – Listing the administrative, technical, and physical methods used to safeguard personally identifiable information.
- An Incident Response Plan – Instructions for detecting, responding to, and reducing the impact of a cybersecurity incident.
While there are various approaches to creating a data protection strategy, companies should evaluate the following aspects carefully:
Domain and network security examination
Retailers are advised to invest in a secure domain provider. Poorly configured website domains pose the risk of exposed administrative portals, allowing criminals to enter the system.
In addition, in its 2016 Biggest Holiday Retailers Cybersecurity Report, SecurityScorecard noted that obtaining an SSL certificate is essential. This step helps encrypt sensitive personal information sent to and from companies’ pages.
Properly configuring retailers’ domains keeps customers’ addresses and credit card numbers safe from impersonation attacks. For example, a poor DNS configuration means hackers can create websites that look like a retailer’s official one and obtain users’ personal information from fake checkout forms.
Upgrading point-of-sale (POS) hardware and software
Credit card information is a common target of digital attacks. There are several ways breaches relating to POS may occur:
- Hackers may gain access to POS systems directly or through the corporate network.
- Credit card numbers may not have been properly encrypted in the POS system.
- POS systems may be outdated or infected with malicious code.
Retailers now have a wide range of technological choices for achieving secure transactions. Many businesses employ traditional magnetic stripe technology with point-to-point (P2P) encryption, or apply the EMV standards for mobile payments and wallets.
In recent years, the use of near-field communication (NFC) in retail has also expanded. These technologies enable a secure, contactless, and faster payment method.
Raising employee awareness
Besides monetary and technological investments, employees play an equally important role in defending businesses against cyber-attacks. Therefore, providing adequate and regular training on this matter is vital.
Working in retail means dealing with multiple third parties, which makes data management and protection even more challenging and complicated.
Therefore, it is essential to have strict data-safeguarding rules for employees. For example, businesses can minimize risks by enforcing a password policy for their staff.
Instead of sticking to the default login information, employees must create multi-factor usernames and passwords and change them regularly. Otherwise, hackers may gain access to the administrative systems and steal critical data.
In conclusion, the retail industry has served its customers better thanks to the large-scale collection of data. However, this comes with the risk of privacy breaches, which are taking place in increasingly sophisticated ways.
What makes retailers truly prepared to fight this type of cybercrime is a thoughtful, comprehensive approach to reviewing and renovating their security infrastructure.
*1 Zettabyte (ZB) = 1 trillion gigabytes (GB)