Used with permission from Tektonika (HP)
by Carrie Dagenhard
The retail industry is no stranger to cybercrime. In 2018 alone, Chipotle, Best Buy, Saks Fifth Avenue, and Under Armour all fell victim to massive data breaches.
Retail hacks accounted for nearly 17 percent of compromised data incidents in 2017—the largest share of breaches among industries, according to the 2018 Trustwave Global Security Report. And it makes sense: the sheer quantity of sensitive data housed by retail organizations is a glittering treasure trove for data-hungry cybercriminals.
As an IT leader in an era of heightened customer distrust, it’s more important than ever to ensure retail security. Here are three best practices you can implement now:
1. Get rid of outdated equipment and applications
If you think you’re saving money by holding on to outdated retail tech, keep in mind that TJ Maxx has continued to suffer from a 2007 breach. The organization has been forced to shell out around $162 million over the past decade to account for this. While a national chain may be able to manage these expenses, a similar data breach could easily devastate a smaller organization.
Older equipment is much easier to exploit, and ineffective website and application security measures are exactly how hackers were able to get their hands on an astonishing 1.4 billion username and password combinations in 2017.
Instead of taking unnecessary risks, make an effort to upgrade and replace older and inefficient technology with products designed to monitor for, detect, and combat cyber threats.
2. Automate your security solutions
While it’s essential to educate all workers on retail security best practices, employees can be notoriously bad at following company security policies. Given the increasing sophistication of attacks involving social engineering methods, like phishing and pretexting, even the best educated and most cautious employee could risk your entire organization with one momentary lapse in judgment.
Because every device on your network represents another exploitable access point, manually stopping security threats is nearly impossible in a retail setting. That’s why it’s best to remove human error altogether by integrating automated security solutions. Automation can help you identify threats and quickly implement protections before a breach can progress.
3. Choose products—and vendors—wisely
Surprisingly, the 2014 Home Depot breach that compromised 56 million credit and debit cards wasn’t the result of a disgruntled employee-turned-hacker genius or a vulnerability in the company’s e-commerce system. Instead, just as hackers had done in the infamous Target breach of the preceding year, cybercriminals used credentials stolen from a third-party vendor to access the supplier portal and install custom-built malware on US and Canadian self-checkout systems, according to Infosecurity Magazine.
While Home Depot and other retailers victimized by hackers have learned many tough lessons over the past few years about the rampancy of cybercrime, their chief takeaway has been the need to be more discerning when choosing products and vendors.
To spare your organization from learning this lesson the hard way, make sure your networks and systems are airtight—one weak link could leave your entire IT environment exposed. A variety of tools exist to help you identify your weak links, too. For instance, HP offers a free Secure Print Analysis tool. All you need to do is answer a few quick questions and you’ll receive a print security rating that compares your policies with those of 167 other IT managers, as well as a checklist of recommendations to start tightening security in any overlooked areas.
While you tackle security hurdles within your own organization, you also want to ensure the vendors you contract comply with appropriate data breach prevention practices. If your partners lack the same attention to detail when it comes to security, your level of risk could increase. You should go out of your way to make sure you’re working with partners who work with the highest level of security defenses and have proven track records of understanding the importance of security and compliance.
The retail industry is disproportionately targeted by cybercriminals, and this trend isn’t likely to stop anytime soon. As an IT leader, you have the gargantuan responsibility of securing your organization’s digital assets, and by utilizing proper data breach prevention tactics, you can reduce the firm’s risk of becoming a cybercriminal’s next victim.