Retail cyber security best practices

In the event of a retail security breach, 19 percent of consumers say they would stop shopping at the affected business, and a further 33 percent say they would take a break from using that retailer. Can your business survive a significant drop in revenue?

The ransomware business model has proven particularly effective and remains the main threat to the retail sector. The financial toll of recovering from a ransomware attack can be substantial once you factor in downtime, which results in lost sales and labour costs. This is in addition to the ransom itself, which, although ill-advised to pay, may sometimes be seen as the final option. If you’re looking to protect your operation and stop attacks like ransomware from succeeding, we’ve listed our recommended retail cyber security best practices below. We recognise that every retailer is different and faces different risks, requiring responses tailored to its business objectives, but several common practices help in all environments.

Ensure your base security is up to standards

Your first step is to run on a valid SSL certificate, to operate within GDPR or other local guidelines, and to comply with the Payment Card Industry Data Security Standard (PCI DSS). In most places these are legal requirements or prerequisites for consumer trust. Secure your servers and admin panels. Most e-commerce platforms ship with out-of-the-box default passwords that are simple to guess; make sure these defaults are swapped for strong, complex passwords. In some cases, organisations can also configure the hosting platform to notify an admin when an unknown IP address attempts to gain access.
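As an added example (not code from the original article), here is how the "notify an admin of unknown IPs" idea above can be implemented as a log check: it parses constructed web-server access-log lines, flags admin-panel requests from source IPs outside an assumed trusted range, and tallies failed versus successful admin logins per source. The trusted range, admin path prefixes and log lines are all assumptions chosen for the example.

```python
import ipaddress
import re

# Constructed sample lines in combined log format (not from any real shop).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2023:09:14:02 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Nov/2023:09:14:05 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Nov/2023:09:14:09 +0000] "POST /admin/login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Nov/2023:09:20:11 +0000] "GET /admin/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Nov/2023:09:21:30 +0000] "GET /products/shoes HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Nov/2023:09:22:01 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "curl/8.0"
"""

# Assumed allowlist: the retailer's office / VPN egress range. Adjust to your own.
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
# Admin panel URL prefixes to watch (assumed); extend for your e-commerce platform.
ADMIN_PREFIXES = ("/admin", "/wp-admin", "/administrator")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def is_trusted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)

def find_admin_alerts(log_text: str) -> list:
    """One alert per admin-panel request whose source IP is outside the allowlist."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(ADMIN_PREFIXES) or is_trusted(m["ip"]):
            continue  # unparseable, not an admin path, or a trusted source
        alerts.append({"ip": m["ip"], "time": m["ts"], "path": m["path"],
                       "status": int(m["status"])})
    return alerts

def summarise(alerts: list) -> dict:
    """Per untrusted IP: failed (401/403), succeeded (200) and other admin requests."""
    summary = {}
    for a in alerts:
        entry = summary.setdefault(a["ip"], {"failed": 0, "succeeded": 0, "other": 0})
        key = "failed" if a["status"] in (401, 403) else "succeeded" if a["status"] == 200 else "other"
        entry[key] += 1
    return summary

if __name__ == "__main__":
    # A successful login following failures from an untrusted IP is the case to escalate first.
    for ip, counts in summarise(find_admin_alerts(SAMPLE_LOG)).items():
        print(f"ALERT: admin panel access from untrusted {ip}: {counts}")
```

Run against your real access log, the same output is what you would forward to an alerting channel; a trusted-range request such as the 192.0.2.10 line produces no alert.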

Implement a robust password update requirement and multi-factor authentication for every device accessing your secure network. Don’t allow guests to connect via the same WiFi connection; host them on a separate network. An expert implementation partner can help you configure these basic security measures.

Carry out pen testing

You need to be prepared for an attack, and one way to do that is to understand where your vulnerabilities are so you can block those routes. Carry out vulnerability scans and periodic penetration testing to confirm that your current IT systems are in working order and not exposed to known vulnerabilities and threats. These tests highlight potential cyber security weaknesses, helping to ensure full IT availability during peak retail periods and protecting you from a revenue hit should your website be targeted during Black Friday or the January sales. Don’t risk a DDoS attack when you’re counting on those sales for a significant boost. Test regularly, as new threats emerge all the time.

Educate your team

According to IBM, insider threats in the retail industry have grown by 38% over the past two years, and 81% of malicious breaches start with compromised passwords. Training employees on cyber security best practices, including password hygiene, is therefore critical, and you’ll want to test them regularly. This should include rehearsing your disaster recovery plan in real time to see how quickly you could get up and running if the worst were to happen. Having a fallback plan is one of the key retail cyber security best practices that businesses often overlook.

If you don’t know how to create, deploy, or test a disaster recovery plan, talk to our helpful team today.
