Retailers Need to Take Mobile Device Security Seriously
As retailers move towards enabling more of their front-line employees with mobile devices, they're finding that if they don’t take the necessary precautions, they're leaving themselves increasingly exposed to threats from security compromises.
According to the latest Mobile Security Index from Verizon, retailers, wholesalers and hospitality companies reported a significant spike in mobile compromises in 2018 compared to the previous year. In 2017, 16 percent of respondents in those categories reported that they experienced a mobile-related security compromise. In 2018, that number almost doubled to 31 percent.
So where does the weakness lie? Often, it’s not the device but critical errors by users that leave businesses exposed to mobile-based threats.
The Index found unsecure Wi-Fi hotspots (44 percent) and loss or theft of a device (41 percent) were the two biggest causes of mobile-related compromises affecting retailers.
While loss or theft is fairly self-explanatory, unsecure Wi-Fi can catch employees unaware and do a lot of damage. Often this takes the form of bad actors setting up phony Wi-Fi connections at popular coffee shops and meeting locations, hoping to trap unsuspecting users who will jump on to the first name that “looks” right.
Retailers need to stress to their employees that if they're on a company mobile device, they need to be on their own secure network. If that network isn't available, they should leverage their device’s 4G internet connection, which can be layered with security software.
As mobile devices in and out of stores are used to help increase productivity and sales, security breaches carry a greater threat to business operations.
The mobile devices might not hold much sensitive data, but they're increasingly used to access core business systems that do handle this information, whether that’s customer details via reservation or point-of-sale systems, company financials, or even intellectual property.
The consequences of these breaches are largely time and money, two things a retailer cannot afford to lose.
Sixty-seven percent of retailers that reported a mobile security breach said they suffered downtime, while 59 percent said other devices became compromised as a result of the initial breach, and 56 percent said they lost data. Twenty-two percent of retailers that have been the victim of a mobile security breach experienced all three of those consequences.
Downtime is costly whether you're a big-box or a mom-and-pop shop. Every minute you’re unable to operate, you’re potentially losing customers. Or worse, if there is a data breach, you’re actively losing money and possibly harming your reputation.
A key challenge is that retailers are overly confident about their mobile defenses, with 81 percent saying they had effective mobile security in place. Unfortunately, these opinions don’t align with the facts. Not only did 31 percent of retailers suffer a data compromise, over two-thirds (70 percent) of those that did were notified of it by a third party, a customer, partner, or law enforcement.
Retailers are leaving mobile devices exposed to a degree they would never tolerate when it comes to other IT systems. Therefore, retailers need to enact solutions that could help them spot and correct mobile security issues. Private mobile network, unified endpoint management and mobile threat detection are all part of a comprehensive mobile security plan.
Michele Dupré is group vice president at Verizon Enterprise Solutions.