Partner Voices: Stay on Top of Security Solutions to Keep Retail Networks Safe and Compliant
Cybercrime and network attacks are becoming increasingly common, and retailers are frequent targets because their networks hold treasure troves of personal information on their customers. All that data is where the money is, and because many retail networks are spread out over a distributed environment, hackers are keen to just follow the yellow brick road to the payoff.
Attacks on enterprise retailers have been reported in the mainstream media, but small retailers are in hackers’ crosshairs as well, and are likely viewed as easier targets. IT security is constantly evolving, but threats evolve faster. Web app attacks, cyber-espionage and intrusions that affect point-of-sale (POS) systems or devices are the most common threat vectors, as noted in the Dell Security 2016 Threat Report. In fact, last year saw a surge in malware that targets POS systems. All of this puts network security in constant catch-up mode.
In addition, many retailers now offer in-store wireless service, another attractive target for hackers. This level of service provides a personalized shopping experience that’s very appealing to consumers, and it’s common to see them looking for online coupons, surfing the web or texting while browsing or standing in line to make a purchase. Consumers expect that when accessing a wireless network it will be high performing and secure, but beyond that, retailers need to look out for their own interests by protecting their WiFi networks with the appropriate security solutions, or face potential risks including stolen customer and company data, financial loss, and a damaged reputation.
Furthermore, security for organizations that collect credit card information will be affected by changes to the Payment Card Industry Data Security Standards (PCI DSS) scheduled to go into effect in June. These new regulations will change the way all retailers must secure their networks if they are to stay compliant.
So, how do retailers, both large and small, stay on top of securing both their wired and wireless networks to keep bad actors at bay and comply with government and industry regulations? First, let’s take a look at some of the ways hackers can breach a network. Hackers use a “threat vector” to gain access to one or more systems or servers on your network, where they then can compromise systems and deliver a malicious payload such as a virus, worm, Trojan or spyware.
Threat vectors include phishing, an email fraud method in which the perpetrator sends out a legitimate-looking email in an attempt to gather personal and financial information from unsuspecting recipients, and “malvertising,” which uses online advertising to spread malware. That malware then captures information from an infected machine or searches the network to find servers and other systems that can be compromised. These threats can infiltrate your wired network directly or worm their way in via customer devices connected to your wireless network.
Retailers with distributed networks face a number of pain points when it comes to network security, including:
Trade-off between throughput and security: The falling costs of broadband connectivity and online storage have prompted companies to move more data to and from their networks. However, as rates of throughput increase, a five-year-old firewall becomes a bottleneck in both speed and ability to block new threats.
PCI DSS: Retailers collecting credit card information must comply with PCI DSS. Among the current requirements are the installation of a firewall to protect cardholder data, and restricted access to that data on a business need-to-know basis. The new regulations coming in June will present additional security challenges requiring the capabilities of next-generation firewalls to maintain compliance. Changes to PCI DSS include:
- clarification that PCI DSS applies to any entity that stores, processes or transmits account data;
- change of reference from PCI DSS “personally identifiable information” to “personal information”;
- clarification that validation processes for service providers include conducting their own annual assessments or undergoing multiple on-demand assessments;
- removal of SSL as an example of a secure technology, as well as an added note that SSL and early TLS no longer are considered to be strong cryptography and cannot be used as a security control after June 30; and
- clarification that passwords must be changed at least once every 90 days.
Ever-widening perimeter: Remote workers and long supply chains continue to extend the network perimeter farther from headquarters to remote store sites, decreasing the control IT has and increasing the organization’s vulnerability.
Wireless integration: Many retailers use wireless to keep shoppers in stores spending money. A wireless controller adds to the cost of remote site infrastructure, however, and if it’s not integrated with the firewall, it may introduce yet more vulnerability at the network perimeter.
Wireless connectivity improves the retail experience, but it also opens more avenues for attack. As a retailer, you need to protect your network from viruses, spyware, intrusions and other threats that can infiltrate from customer devices. You also must be sure any financial or personal information you’re sending across a store’s wireless network is secure from cyber-thieves, or risk being noncompliant with PCI DSS, while also ensuring that anyone connecting to your public WiFi cannot gain access to your internal network. And it’s critical that your public WiFi is completely segmented from your POS.
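One way to check the segmentation requirement above is to audit an exported firewall rule list for any allow rule that lets guest WiFi traffic reach the POS or internal subnets. This is an added example, not part of the original article and not any vendor's rule syntax; the rule model (ordered, first match wins, implicit default deny), the IPv4 subnets and the rule sets are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str  # "allow" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR

def _net(cidr):
    return ipaddress.ip_network(cidr)

def _overlap(a, b):
    """Intersection of two CIDR blocks (they nest or are disjoint), else None."""
    if not a.overlaps(b):
        return None
    return a if a.subnet_of(b) else b

def segmentation_findings(rules, guest_cidr, protected):
    """List (rule_index, zone, src, dst) for allow rules that pass guest
    traffic into a protected zone. Conservative: a rule is treated as
    shadowed only when a single earlier deny covers the whole overlap,
    so it can over-report but will not miss a permitted flow."""
    guest = _net(guest_cidr)
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        src = _overlap(_net(rule.src), guest)
        if src is None:
            continue
        for zone, cidr in protected.items():
            dst = _overlap(_net(rule.dst), _net(cidr))
            if dst is None:
                continue
            shadowed = any(
                e.action == "deny"
                and src.subnet_of(_net(e.src))
                and dst.subnet_of(_net(e.dst))
                for e in rules[:i]
            )
            if not shadowed:
                findings.append((i, zone, str(src), str(dst)))
    return findings

# Constructed addressing and rule sets (hypothetical values).
GUEST_WIFI = "10.50.0.0/16"
PROTECTED = {"pos": "10.20.0.0/24", "internal": "10.10.0.0/16"}
WEAK = [
    Rule("allow", "10.50.0.0/16", "10.20.0.16/28"),  # stray rule: guest -> POS hosts
    Rule("deny", "10.50.0.0/16", "10.0.0.0/8"),      # block guest -> private ranges
    Rule("allow", "10.50.0.0/16", "0.0.0.0/0"),      # guest -> internet
]
FIXED = WEAK[1:]  # stray allow removed

if __name__ == "__main__":
    print("weak: ", segmentation_findings(WEAK, GUEST_WIFI, PROTECTED))
    print("fixed:", segmentation_findings(FIXED, GUEST_WIFI, PROTECTED))
```

Because the check is order-aware, the broad internet allow rule is not flagged once the deny for private ranges sits above it, while the stray rule placed before that deny is.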
How does a retail organization best protect its network and stay compliant? The best way to ensure compliance with the new PCI DSS regulations is to focus on store security, and that starts with a next-generation firewall.
Products like Dell SonicWALL Network Security Appliance (NSA) Series of next-generation firewalls secure inbound and outbound traffic from threats, provide you with the tools to determine which websites employees can and can’t access, and allow you to identify and control the applications used on your network as well as how much bandwidth you want to allocate to them. NSA Series appliances integrate automated and dynamic security capabilities into a single platform, combining a patented Reassembly Free Deep Packet Inspection (RFDPI) firewall engine with a powerful, scalable, multicore architecture to block new sophisticated threats and provide real-time SSL decryption and inspection that addresses the new PCI DSS requirements.
Adding a wireless network security solution to your security perimeter will ensure both your wired and wireless networks are protected from threats, and it secures customer data that moves across the wireless network. With wireless in your security perimeter, you can separate customers from employees and employ a consistent set of protection policies across both wired and wireless networks. Security solutions like Dell SonicPoint Series wireless access points, combined with a next-generation firewall, strengthen wireless security in-store and provide small to midsized retailers with both enterprise-level wireless protection from threats and security for customer information.
By focusing on the right protocols, your network will be secure and your customer information safe. Here are a few more tips to include in your strategy:
Understand your crown jewels by focusing security efforts on the most important areas — data, brand, privacy, applications, people.
Practice good digital hygiene, including doing the following:
- Keep current on patches and updates containing the fixes to block exploits as soon as they’re available.
- Utilize a next-generation firewall such as Dell SonicWALL NSA series as an inspection, data-gathering and control point.
- Manage identities and access, especially for privileged users, who provide the entry point for adversaries and, therefore, are the root of most breaches.
- Utilize stronger authentication and adaptive authentication.
- Schedule annual big picture security reviews.
- Develop strong remediation plans and have appropriate resources on retainer.
By incorporating a next-generation firewall and the tips above into your security strategy, you can rest assured that your network is secure and compliant with PCI DSS, and you won’t ever have to play “catch up.”