How Retailers Can Keep Customers and Companies Secure
Now more than ever, cybersecurity is one of the most important concerns and a key area of risk for businesses. Recently, the EU’s deadline for compliance with the General Data Protection Regulation (GDPR) passed, leaving companies with the significant responsibility to align with the new law and demonstrate firm control and security over customers’ data.
Implementing measures to protect the data of customers, partners and your own business is a key step in mitigating cyber risks. With the rise of digital transformation, e-commerce and the pervasive use of mobile across industries, the challenge to reduce risks is greater than ever for retailers, as these innovations allow organizations to access vast amounts of data on shoppers.
Despite the increased risk of cyber breaches on mobile devices, many retailers haven't taken even the most basic precautions to protect their data and core systems, overlooking mobile cybersecurity principles and leaving customers vulnerable to attacks. Verizon’s 2018 Mobile Security Index found that nearly one-third of companies, including those in the retail and hospitality space, knowingly sacrifice mobile security to improve speed to market and business performance.
Retail’s Unique Cyber Problem
Retail organizations are entrusted with immense amounts of payment card data, making them prime targets for financially motivated cyberattacks. Furthermore, 67 percent of retailers reported concern over customer data being compromised, more so than any other industry, and 82 percent see mobile devices as a risk. This comes as no surprise since retail companies face distinct challenges. Many employ large numbers of workers, most of whom are often part-time or seasonal contract workers who may not take security as seriously as permanent employees. Given this, companies in the retail sector are the most likely to believe that employees are their biggest concern when it comes to security, with 29 percent considering them to be in their top pool of suspects.
With organizations across all sectors in agreement that companies are complacent about mobile security and a strong majority under the belief that they should take it more seriously, it’s imperative that retail organizations take the necessary steps to secure their networks and protect customers from data breaches, particularly mobile-related incidents.
Keeping Customer (and Business) Data Safe
To elevate mobile security, there is a series of recommended steps retailers can take to ensure they follow proper cybersecurity protocols. These encompass protections surrounding applications, devices, people and networks:
1. Reduce the risk of vulnerable applications.
In today’s digital age, employees increasingly have access to almost anything online right from their work device. To stop the spread of malware from suspicious apps, prevent employees from downloading apps onto work devices unless they're specifically needed on the job. This could even entail developing a custom app store that vets all apps that are accessible by employees. Additionally, deploy application management software that scans for vulnerabilities to catch any potential threat.
2. Improve device management.
With so many employees and customers alike using mobile devices to fulfill tasks, enforcing a device enrollment and strong password policy can help to alleviate security concerns. For added protection, retailers can implement a mobile device management (MDM) system and enforce encryption, while encouraging employees to keep personal and work data and applications separate.
3. Increase user awareness and incident preparation.
A key element for retailers in the pursuit of a more secure system with protected data is keeping mobile device users aware of the risks and prepared for incidents. Providing regular security training, testing employee awareness of mobile security at least annually, and enforcing mandatory training can help in the process. As an additional step, retailers are encouraged to create an incident response plan and ensure employees are aware of what to do in an incident.
4. Reduce the use of unsecured network connections.
With the rise of digitalization and mobile device usage, the importance of a secure network connection is now greater than ever. To ensure a secure connection, retailers should create a public Wi-Fi policy and educate users on the dangers of unsecured networks. They’re also encouraged to develop a private mobile network and limit access to all corporate resources for mobile devices not using it. Finally, deploying data loss prevention software to provide early warning can help retailers combat the risks associated with unsecured networks.
With these recommendations in mind and with a targeted focus on applications, devices and people, retail organizations will be better positioned to combat financially motivated cyberattacks and protect their customers. Through these simple actions and a flexible framework, retailers can anticipate a more secure operation and reputation, stimulating a stronger organization overall.
Michele Dupre is a group vice president at Verizon Enterprise Solutions.