How cyber security can help reinforce your retail environment
The reported number of cyber-attacks on businesses is growing exponentially year-on-year, with breaches both in the UK and the US exposing millions of consumers’ data and resulting in substantial compensation claims. Last year alone, an average of 230,000 cyber-attacks were conducted on each UK business (Beaming Cyber Report 2016) and in 2015, two-thirds of large businesses faced an attack (Cyber Security Breaches Survey). In spite of this, it’s been reported that only 50% of firms who experienced frequent breaches actually took action to combat the continuing threat.
Cyber security and retail
The retail industry is unfortunately a regular victim to cybercrime, its biggest vulnerability also one of its greatest assets – the EPOS system. Electronic Point-of-sale (EPOS) systems, while introducing new and innovative technologies that continually reinvent and improve the customer buying experience, are also the point at which a retailer gains that customer’s card data. As such, credit and debit card readers are an attractive target for cyber criminals, who are able to access these details in the brief window that they are stored on a terminal’s memory while a transaction is being processed. This is a process called “memory scraping”, allowing them obtain a customer’s card details as a card is swiped. Adopting Europay, MasterCard and Visa (EMV) or “Chip-and-PIN” as it’s more widely known can mitigate this issue, however as more cognitive security measures begin to develop, hackers always seem to be right on their heels.
How to defend your retail environment
There are a number of different ways in which you can suitably protect your retail environment from cyber attackers. A wide range of procedures can be implemented to ward off any unauthorised attempts to access your business’ data.
Multiple layers of deep defence
It’s critical that security is applied to every conceivable endpoint that exists across your site and your systems – covering all bases from Wi-Fi to printers. Defence is always stronger with depth, too, so while endpoint solutions are a fantastic way of fending off attackers at the gate, having walls, a drawbridge and a fully-fledged fortress is far more likely to offer you a better chance of protection. Just fulfilling the security requirements to achieve payment card industry (PCI) compliance is no longer enough. Having plans and processes prepared to identify and deal with minor breaches could be the defining factor between a close shave and some serious damage – nip intrusions in the bud by tracking and monitoring all endpoint activity, and have an incident response plan ready so you can leap into action quickly. Only 10% of UK businesses who have experienced a breach have an incident management plan in place (Cyber Security Breaches Survey).
Secure your sensitive data
Retail environments come into contact with sensitive data on a daily, even hourly, basis, and by ensuring that both this, and your company email, is suitably encrypted both when in transit and at rest, you are putting up more complex barriers that will help block and dissuade hackers. Push this even further by segmenting your network and your sensitive data to vastly reduce the likelihood of a single device compromising all of your systems. Conducting a sensitive data audit can also allow you to find out exactly where your data is stored, and what’s more, remove any irrelevant or unauthorised data which could be taking up valuable storage space.
Keep your systems updated
Some EPOS systems are still running on outdated, legacy software that is either no longer supported or else does not have sufficient security protection. It is vital, therefore, to ensure all software and security tools are frequently updated and patches are applied on a regular basis. Technology moves quickly and a system that may have worked perfectly a year ago could already be falling behind today’s advances. Applying such intelligent measures as multi-factor authentication shows your customers that you are constantly investing in their safety, leading to greater trust and brand loyalty.
Restrict access and encourage education
Employees have a lot of visibility over the data that is exchanged within a retail environment. In fact, 70% of people who are arrested for cybercrime are typically employees. Consequently, encouraging staff to undergo rigorous security training raises their awareness of what they need to look out for or do to alleviate the possibility of a cyber-attack. Employ or assign security specialists to track your business’ daily endpoint activity – this way breaches can be recognised and eliminated more efficiently. Restricting or specifying employee access to data can also minimise the risk of over-exposure, such as implementing Role Based Access Control (RBAC) to approve or block any user’s rights to access certain data, sensitive or otherwise, to give you back control. Likewise, it’s imperative to protect your back office systems from overuse by staff, restricting access to this also and educating staff on security best practice.
At TLM, we know just how important it is to have a full, reliable security solution in place to protect your business, your data, and your customers. If you would like to receive some key advice as to how best to implement a cyber security solution to your retail environment, please get in touch.
Get the latest technology for convenience and fuel
Learn how we’ve helped over 1900 businesses become smarter and more profitable through technology