Retail is a sector that was quick to react to the pandemic; launching online stores if the retailer did not already have one, or expanding what they were offering online if they already had a store. This included the addition of features such as curbside pick-up. It is estimated the pandemic accelerated the shift to online retail by 5 years.
As with many organizations, this swift move to a new way of working resulted in spending less time on securing these new online channels than if they had been planned and deployed at a timescale to suit the organization. With new mobile e-commerce applications and employees working remotely, the attack surface is larger than ever before. There has also been an increase in cyber fraud as demographics not familiar with online shopping have suddenly had no other option than to order online.
Now things have started to calm down, it is vital that retailers revisit their retail cybersecurity measures to ensure the processes and technology they put in place during the pandemic are secure.
Of course it is not just changes due to the pandemic, any changes to retail supply chains may introduce extra cyber-risk. So regularly revisiting your cybersecurity strategy is a must for all retail organizations.
Protecting customer data
With an online store you have the potential to gain more information about your customer’s buying habits. The insights this data gives you can be key to making effective and profitable business decisions. It can also help you give the customer a much more personalized shopping experience, and therefore increase customer spend. Most importantly, you want to protect your customer’s data from getting into the wrong hands. To do this you need to understand the customer data that you are storing.
Consumer customer data is not a single bundle of data. There are different types of data, identified by Deloitte, such as:
- Account: Personal and transactional data, such as name and address
- Location: Physical location through mobile phone location, and virtual location through IP address
- Browsing: Browsing habits, including what, when and where
- Profile: Data from third parties, such as demographics and social media
Each type of customer data has a different business value and risk factor, and therefore you need to approach each type separately. Each type of customer data may be located on a different platform and server. You must know where each data type is stored and processed to properly secure it.
How do you keep this data safe?
Retail is a popular target for fraud and cybercrime. This is due to the huge volumes of customer data along with relative immaturity in cybersecurity.
The retail industry recognised this and the British Retail Consortium worked along side the NCSC to produce a Cyber Resilience Toolkit for Retail. As this report is also designed for non-cyber experts, such as Board members, and those in senior strategic roles, it takes a strategic as well as tactical view. The support of the Board or senior directors can often play a pivotal role in securing the funding needed for cybersecurity projects.
The report highlights some key actions that an organization needs to take in its journey to improved cybersecurity:
- Embed cyber security into the business objectives, structure and culture;
- Strengthen and develop cyber security expertise;
- Develop a positive cyber resilience culture;
- Establish the crown jewels of the business that need protecting at any cost;
- Understand the specific threats posed to the business;
- Monitor and manage cyber risk actively;
- Implement effective cyber security measures;
- Collaborate with suppliers and partners who may potentially be the weak point through which criminals can gain access;
- Plan, refine, constantly update and practise the response of the business to cyber incidents;
- Identify the systems to have in place to function after an attack. These systems may not be the largest or involve the most expensive equipment, but they will be at the heart of the operations;
- Adopt a ‘no blame’ culture so that everyone feels free to report potential issues.
Of course having great ideas and making them a reality are two different things. The important element is to take these ideas and turn them into a cybersecurity roadmap. This is where you need to draw on partners with cybersecurity expertise. activereach work with a range of technology partners to enable us to assist you with every step of your cybersecurity journey.
Good cybersecurity is good for business
Customers trust you with their data. Your reputation, and success as a retailer, depends on maintaining their trust by protecting their data.
As we approach a vitally important holiday shopping season, the threat actors are primed and ready to take advantage. Retail organizations must act now to ensure they can limit the cyber risks they will inevitably face.
Contact us or give us a call on 0845 625 9025 to discuss how activereach can help you make your retail organization cyber secure.