ISACA ANZ | Cyber-safe Christmas

Dec 11, 2020

Kontributor Post by:

Greg Touhill
Board Director ISACA

Introduction: It’s that time of year again: Christmas! This isn’t always a happy and joyous time for everyone, especially with what we’ve all been through to one degree or the other in 2020. We wanted to ensure that retailers are improving their security posture to help better protect their customers from any further difficulties when looking to find the perfect gift for their partner, mother-in-law, or for their little ones. We spoke with Greg Touhill from ISACA to capture some pointers for retailers in the lead-up to this Christmas.

– KB

Top Seven Tips For Retailers To Sell Safely This Christmas

The Christmas season is an important time for retailers as it represents the peak buying period for consumers, with 71% of retailers in Australia expecting online sales to exceed the same period last year, according to Deloitte Consulting. It is also a time when cyber criminals look to feast on inadequately protected electronic commerce websites, telephone and point of sale systems.

A recent global COVID-19 cybersecurity survey conducted by ISACA indicates only 51% of technology professionals and leaders are highly confident that their cybersecurity teams are ready to detect and respond to the rising number of cybersecurity attacks, driven in part by the big shift towards online purchasing.

While use of e-commerce was already expanding before COVID-19, it has rapidly accelerated as businesses around the world quickly evolved and expanded their online presence while everyone attempts to cope with longer periods of working from home and health concerns about traditional retail shopping. This broad, rapid move to online shopping has, unfortunately, also led to an increase in the sophistication and number of attacks that directly target the underlying platforms that power e-commerce sites around the world.

While we are all in the festive holiday season, we must not let down our guard when it comes to cybersecurity. There are plenty of cybercriminals on Santa’s naughty list that will be looking to trick you this year, so follow these tips to protect yourself and your business, so you don’t find a lump of coal in your stocking:

1. Keep your computers properly patched and configured. Just like your customers, you make it easier for cyber criminals when you use devices that aren’t running the most secure software and configurations.

2. Ensure your website is secure. Make sure that you are compliant with the payment card industry’s security requirements and are leveraging end-to-end encryption through the HTTPS standard.

3. Watch out for doppelgangers! Invest in looking for criminal imposters posing as your company online in an effort to steal from your customers. This could harm your brand and its reputation. Many companies buy subscription services from threat intelligence firms that actively hunt for doppelgangers. During the holiday season, this may be a great investment.

4. Invest in your help desk and seasonal workers’ training. Cyber criminals don’t just try hacking your website, they also try hacking your people. Criminals attempt to fraudulently take advantage of companies earnestly trying to keep customers happy by swindling help desk and seasonal workers out of unwarranted discounts, phony returns or replacements, and other techniques. A well-trained workforce reduces your risk exposure and improves customer satisfaction.

5. Invest in Penetration Testing before going online. Many companies create special products or services online during the holiday season. You want to ensure that whatever you post online is unimpeachable. Before you activate your website, invest in an independent third-party penetration tester to try to defeat it. Check their references to make sure they have the right stuff to protect your business!

6. Pick your partners well. Most retailers have relationships with many firms. Third-party processing of critical customer identity, privacy, and financial information is commonplace in the retail world, yet it expands your corporate risk exposure. Ensure that those you outsource functions to continually demonstrate the ability to properly protect the sensitive information you share with them. Your brand and reputation are on the line!

7. Lock down your Point of Sale devices. Regardless of the retailer, your point of sale devices are very visible and accessible devices that are subject to cyber tampering. Follow a Zero Trust security strategy. Leverage technologies like software-defined perimeters and micro-segmentation to reduce your risk exposure. Train your workforce to continually look for evidence of device tampering and emergence of skimmers and other malicious devices.

Kontributor Profile:

Greg Touhill
Retired US Air Force Brigadier General Greg Touhill is the President of Appgate Federal, a cybersecurity and advanced technology firm. Previously Chief Information Security Officer of the United States government, he also serves on the faculty of Carnegie Mellon University’s Heinz College and on the ISACA Board of Directors.