Are retailers doing enough to secure their customer data?
Retail is constantly transforming, with self-service checkouts, the unmanned grocery store and ‘click and collect’ providing prime examples of the innovative ways in which technology has enhanced retail operations. Yet the systems that sit behind this frictionless shopping experience, with their complex layers of customer data, present a compelling and valuable target for cyber criminals. Whether it’s a ransomware attack on a retail chain to extort money in return for restoring systems and files, or trading stolen data on the dark web using cryptocurrency, criminal gangs will stop at nothing for financial gain.
It may seem like a generalization, but one thing that the retail industry struggles with time and again is compliance with the principles of the General Data Protection Regulation (GDPR), with 19 significant data breaches reported in the last 12 months. And the result can be catastrophic when you consider the combination of the cost of the breach itself, including any GDPR-related fine from the ICO, the damage to a retailer’s reputation and the loss of customer trust.
According to a recent study, 19% of consumers said they would stop shopping at a retailer in the event of a breach, and 33% said they would take an extended break from shopping with a retailer. Even if data can be recovered, regaining customer trust could prove a costly exercise, and repairing damage to the brand following the impact of negative press may prove more costly still.
While it’s a given that all staff should know how to report a breach and be fully versed in GDPR rules and procedures, it’s also important to ensure that the software and systems used in retail operations are fully covered by the latest security patches and firmware updates. IT and security managers should be looking to ensure that their entire system is protected from potential attack, including identification of any potential weaknesses that could result in the system being compromised.
Secure solutions for maximum protection
The move from legacy CCTV and analogue devices has revolutionized retail security. Modern physical technologies now used in retail for prevention and protection, such as network-enabled cameras, access control devices, audio systems and sensors, can provide accurate business and security data for great benefit. However, if unsecured, these technologies can actually present a vulnerability in the system: a backdoor through which any potential attacker could gain access to the network and all of a retailer’s intelligence, including its much-coveted customer records.
It’s so important that, when specifying security technologies, retailers look to providers who can guarantee the integrity and cyber security of their solutions. Vendors that have been awarded Secure by Default accreditation, an accolade from the Surveillance Camera Commissioner (SCC), have the appropriate credentials to prove that their technologies are built in accordance with cybersecurity principles from the ground up, rather than bolted on as an afterthought, delivering maximum protection as part of any retail installation.
Moreover, Total Cost of Ownership (TCO) gives customers full visibility of any prospective solution, enabling them to evaluate many aspects that could easily be hidden, such as the critical addition of ongoing maintenance and service agreements that would include software updates and firmware upgrades to ensure long-term cyber security. Customers should be wary of any provider who is not able to provide this level of transparency. Total Cost of Ownership takes a holistic view to protect people, premises and assets over the long term, to mitigate the threat of a cyber security breach, protect customer data and deliver a smarter, safer world.
Our latest whitepaper provides guidance and advice on how to better protect retail systems against cyber threats: