The threat posed to the retail sector from cybercriminals is real and expanding. According to the New Statesman, retail, along with education, is the most targeted sector. A survey for Sophos found that 44 percent of retail organisations had been the target of a ransomware attack in the previous year. Many more traditional “bricks and mortar” shops had to quickly open or expand their online sales in response to Covid-19, creating additional challenges for cybersecurity. And that’s not expected to slow down any time soon. In this blog we’ve collated our key cyber security tips for the retail sector that you can implement today to reduce your risk.
1. Train your employees
Your employees are the front-line defence against password theft, password cracking, data skimming, phishing and more. When they are armed with the latest best practices and understand the importance of the role they must play in the security of the business, you’re less likely to suffer loss. Create a training plan and update it at least annually, as new threats emerge all the time.
2. Have a backup plan
You’ll need to know what you’ll do and how to react should an attack happen. An expert cyber security partner can help you create a disaster recovery plan and run drills to ensure it’s fit for purpose. It’s important that your plan includes identification, partitioning, backups, and redundancy to offer the fastest turnaround.
3. Adhere to local laws and guidelines
Depending on your locality and where you operate, there will be rules that apply to how you manage customer data. The European Union, for instance, is very strict on the rollout of robust requirements for all online retailers and data processors of all kinds.
4. Manage a secure and encrypted system
This goes beyond simple WiFi security measures. Symantec states that the lack of point-to-point encryption (P2PE) is still a huge issue: most credit card numbers are not encrypted in the POS system and can still be found in plain text within its memory. This gives bad actors access to your valuable customer payment data. So, you need to ensure your IT infrastructure is encrypted end to end.
5. Require multi-factor authentication
You need to move towards a Zero Trust security model where every device and user is continually authenticated. With this approach, no individual or activity is presumed safe because of the terminal or location it comes from. Multi-factor authentication is a good first step to add an extra barrier between you and attackers.
6. Check POS for skimmers & USB sticks
Skimmers are physical devices that are put on card readers to learn and upload a customer's card details during POS transactions. USB sticks might contain malicious code that is installed onto your hardware to steal and transmit data. Ensure you have regular physical checks of these devices. This practice helps ensure skimmers haven’t been attached to capture sensitive consumer information like PIN numbers or account details. It’s also a good idea to regularly check your in-store Wi-Fi access point and network for rogue devices that a bad actor may have installed.
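One way to run the network check for rogue devices described above, shown as an added example that is not part of the original post. It assumes a Linux host on the store network, `ip neigh show` output in its usual format, and a hypothetical inventory of approved MAC addresses; the sample output and all addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output from a store network (not real data).
SAMPLE_NEIGH = """\
192.168.10.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.10.21 dev eth0 lladdr 00:11:22:33:44:21 STALE
192.168.10.22 dev eth0 lladdr 00:11:22:33:44:22 REACHABLE
192.168.10.57 dev eth0 lladdr 3a:5f:9c:10:ab:cd REACHABLE
192.168.10.21 dev eth0 lladdr 00:de:ad:be:ef:99 DELAY
192.168.10.90 dev eth0  FAILED
"""

# Hypothetical asset inventory: MAC -> label for approved devices.
INVENTORY = {
    "00:11:22:33:44:01": "gateway",
    "00:11:22:33:44:21": "pos-till-1",
    "00:11:22:33:44:22": "pos-till-2",
}

LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return (ip, mac) pairs; entries with no resolved MAC are skipped."""
    pairs = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(3).lower()))
    return pairs

def audit(text, inventory):
    """Flag MACs missing from the inventory and IPs claimed by more than one MAC."""
    pairs = parse_neigh(text)
    known = {mac.lower() for mac in inventory}
    unknown = sorted({(ip, mac) for ip, mac in pairs if mac not in known})
    by_ip = defaultdict(set)
    for ip, mac in pairs:
        by_ip[ip].add(mac)
    conflicts = {ip: sorted(macs) for ip, macs in by_ip.items() if len(macs) > 1}
    # Locally administered bit set in the first octet: randomized or hand-set MAC.
    local = sorted({mac for _, mac in pairs if int(mac[:2], 16) & 0x02})
    return {"unknown": unknown, "ip_conflicts": conflicts, "locally_administered": local}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_NEIGH, INVENTORY).items():
        print(key, value)
```

The neighbour table only lists hosts this machine has recently exchanged traffic with, and MAC addresses can be changed, so treat the result as a prompt for a physical check rather than a replacement for one.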
Rolling out these simple cyber security tips for the retail sector will help you safeguard your assets and customers from bad actors and protect your critical data in the future.