2013 was a data security wake-up call for the retail industry, especially in the fourth quarter, just as the Christmas season was upon us, when more than half of the reported data breaches were perpetrated against retailers, according to information from retailer network security company SafeNet.
This article will address how to keep your data safe.
In the past year, Michaels Stores, Neiman Marcus and Sally Beauty Supply all reported data breaches through in-store credit card payment systems, which resulted in the loss of customer information, and thus customer confidence in an industry that is already struggling to compete with a booming e-commerce market.
The worst breach of all, though, and possibly the largest breach in retail history, happened at Target, where a data breach gave hackers access to 40 million customer debit and credit card numbers and the personal information of 70 million customers, including names, addresses, phone numbers and e-mail addresses.
One way retailers have sought to save money is by tackling a major cost source, their HVAC systems, but doing so could open up holes in retailer network security. That was the case in Target's data breach: the hacker gained access to the network through credentials used by the retailer's HVAC vendor.
So, how can you improve retailer network security? How can you keep your data safe? Here are five ways retailers can better protect themselves.
Reconsider what goes on the network
Credit card and financial data are what hackers are after, so guarding access to this data must be job number one. The first step is to evaluate all network-connected systems. Are they essential? Some systems are essential to the operation but don't necessarily need to be connected to the network.
Train employees to identify and not respond to phishing requests
Because many breaches start out as simple social engineering crimes committed to get network login credentials, it is important that retailers train their employees, and outside contractors, to identify these threats and respond (or not) appropriately.
Be aware of threats by sharing information with other retailers
Cyber thieves share information, so why not retailers? The Retail Industry Leaders Association (RILA) recently launched the Retail Cyber Intelligence Sharing Center (R-CISC), where retailers can share cyber threat information and gain access to training and education resources.
Secure the network – the whole network
Many technologies are standard operating procedure for retailers securing their own networks. However, if any contractors need access to the network, then it's essential that some basic level of security systems be part of their networks as well. This should be insisted upon in the contract and audited on a regular basis.
Prepare an incident response plan
Even when retailers do their very best to prepare and defend their networks against attacks, the fact is that some new threat will always emerge that a firewall might miss.
After a rough 2013 of data breaches, 2014 is the year for retailers to take a closer look at data security to ensure that their networks are secure from targeted attacks. In an era when most transactions are conducted by debit or credit card, protecting this data is as important to maintaining customer loyalty as quality merchandise and attractive presentation.