by Damon Culbert
The retail industry is the most at risk from cyber attack, with one report from Business in the Community suggesting that 43 percent of retail businesses have the fewest cyber security measures in place. With Black Friday around the corner, the retail industry is headed into the busiest period of the year.
While most cyber safety advice targets the consumer, the onus of online security is increasingly in the hands of businesses to keep client data safe and ensure a safe shopping experience. GDPR is in full force in the EU and the US Federal Trade Commission (FTC) is cracking down on businesses mistreating client data and trust, making customers are more aware of their data privacy than ever before. Personal data breaches are also one of the most common types of cybercrime, rising by more than 60 percent in 2018.
On the other hand, reports of cyber credit card fraud and identity theft have declined, both rates reaching a four-year low. This suggests that online shoppers are becoming more aware of the common pitfalls and scams but businesses are consistently leaving confidential data exposed to cybercriminals.
Over the holidays, the best way to keep your customers happy and your business healthy is to understand common cyber threats and how to prevent them from causing a problem.
Most Common Cyber Security Issues for Retailers
Staff issues
90 percent of all personal data breaches are staff-enabled. Either by accident or maliciously, people are the weakest point of any business. Cyber security is everyone’s responsibility, so ensuring that everyone has the same level of understanding on cyber hygiene is essential to prevent major issues from happening.
Unauthorised access/theft
Cybercriminals work in many different ways. Theft or unauthorised access of computers and devices can result in personal data being stolen or transferred. Leaving data vulnerable on unencrypted devices or easily accessible for those without the proper clearance could cost companies both in fines, revenue and reputation.
Phishing
One of the most regularly used cybercrime strategies, ‘social engineering,’ utilizes techniques to trick staff into clicking on compromised links, giving away sensitive data or authorizing bogus payments. Training on identifying phishing emails and implementing things like two-factor authentication for payments can avoid these types of crimes affecting business.
DOS/Ransomware
Denial of Service (DOS) is where cybercriminals make computers unavailable to users, typically by causing machines to crash. Ransomware, on the other hand, is where malicious actors lock areas of a device and agree to release them again once a ransom is paid. This could result in losses of client data or interruption of the work day indefinitely.
Steps To Prevent Cyber Crime
Train staff
Staff will always be one of the weakest links in your security chain because each staff member carries the potential to open the door to attackers. By providing consistent and thorough training, businesses of any size will help reduce this threat and ensure that everybody is working together against cyber risk.
Cyber insurance
While this may seem like an unnecessary cost for small business owners, falling victim to cybercrime is often a case of ‘when,’ not ‘if’. Investing in cyber insurance can help cover costs in fines, lost revenue and compensation should an attack affect you and your customers.
Follow Cyber Essentials/Basics
The National Cyber Security Centre (NCSC) in the UK has produced a Cyber Essentials guide for small businesses with five simple steps to improving cyber security no matter the size of the business. NCSC also have a follow-up 10-step program for any businesses looking to advance their security measures. In the US, the FTC provides guidance on the Cybersecurity Basics with key advice on what small businesses need to remember when keeping their data secure.
Test and monitor
Regularly testing and monitoring your company’s cyber security measures is a vital aspect of cyber health. Online criminals are becoming more sophisticated by the day, so keeping up with developments in the industry requires constant review. For small businesses, consider outsourcing security measures or simply keeping an eye on your security on a regular basis.
The holiday season is one of the biggest opportunities for businesses to drive sales and draw in new customers. With data security at the forefront of everyone’s minds, businesses following these steps will ensure they and their customers have the safest experience possible this year.
This article was provided by Damon Culbert from Cybersecurity Professionals (www.cybersecurity-professionals.com), specialist cybersecurity jobsite worldwide.