Cyber security is an issue for every industry, and retailers are not exempt.
While big news events like utility hacks and hospital computer hijacking capture everyone’s imagination, every day thousands of retailers suffer from data breaches and phishing scams that cost money, waste time, create tremendous anxiety, and even lead to loss of brand value and customer confidence.
If you think turning your store into a Faraday cage is a solution, think again. The systems, productivity tools, cloud services and automation that run your business, and the chat systems, websites, apps, and mobile devices you use to interact with customers, are of tremendous value and essential for competition. But you do need to be aware of cyber crime risks, so you can deploy the precautions that will ensure you do not expose your business to bad actors.
Think in Terms of “Attack Surfaces”
It’s not just your server and computers you need to be concerned with. Routers, printers, mobile devices, tablets, cameras, 3D printers, and vendor kiosks can all provide access to an enterprising hacker. Hooking up a camera is easy, but making sure you don’t open an exploitable port is something most non-technical people don’t think about. The money you save setting things up yourself will pale in comparison to the cost of leaving yourself open to a criminal infiltration.
You’d think that by now we’d all be immune to phishing scams, and yet every day people (not just employees - owners too!) open emails, click links, and install malware that wreaks havoc on their business. And once the person’s email has been infiltrated, most phishing scams are designed to quickly propagate to the person’s entire contact list. In 2019 the FBI reported 23,775 phishing scams - the top cyber crime complaint by the numbers.
Cyber criminals aren’t just trying to get at your customers’ credit card data. They would also like to get at your security systems, door codes, and passwords. Today’s hackers are increasingly using AI to create code that “learns” its way through your networks using systems of smart bots and algorithms.
This is why the following practices are more important than ever: setting highly secure passwords (no more “my birthday + my wife’s birthday + our first son’s middle name”), changing passwords every 30 days, never repeating a password from one system to the next, storing and controlling employee passwords in secure password systems like LastPass or OnePass, setting rules around deleting cookies, and never allowing browsers to store passwords for you. If you fail to stop them at the door (any entry point to any device), you need to prevent them from getting out of the building with anything meaningful.
Financial and Brand Damage
If a hacker does manage to infiltrate your system and get away with customer data, the damage goes beyond the cost of repair and recovery of your systems - or ransom, in some cases. There will also be brand damage, as you must explain to your customers what happened, which frightens them and causes them the inconvenience of having to do their own security auditing and repair as a result of the breach.
The new darling of the cyber crime universe is ransomware. You may think this only occurs on television shows, but it’s happening every day to retailers around the globe. The FBI received nearly 2,500 ransomware complaints in 2020, which was a 20% increase over the previous year.
Of course, the only constant in data security is change. For every way we find to prevent a hack or a phishing scam, there will be an enterprising person lacking in character finding a new way to exploit others. Keep your ear to the ground and follow technical changes (here’s a very fun-to-read free newsletter that will help you keep up: http://vdb.guru/tech-brew). Your increased knowledge will help you stay on top of emerging technologies, which always bring new security considerations.
But don’t try to manage cyber security yourself. It’s a specialty, and professional help in setting up, auditing, and monitoring your environment can go a long way toward keeping you from becoming a victim of a future cyber crime.