A Primer on Digital Retail Security: How to Safeguard Your Retail Systems
In an increasingly digital world, retailers must continue their digital transformation journey to keep pace with consumer demand. Retailers have long had physical security practices in place, and those practices are growing more advanced. In tandem with these physical security advances comes the need for more sophisticated digital security practices.
Surveillance cameras and loss prevention are important components of physical security, as are sensors and other theft prevention practices. These practices are still critical and must be maintained for in-store shopping. But there is now a monumental shift towards online shopping and buy online, pick-up in store. With this trend, if protecting the digital side of the business is not a focus already, it should be moved to the top of the list.
In 2020, 84% of consumers shopped through e-commerce, compared to 65% who shopped in-store. This uptick in online shopping is in part due to COVID-19, but it is also part of a rising trend in e-commerce.
Fraud and data breaches are detrimental to the bottom line, not to mention the reputational damage. Retail fraud is on the rise and digital fraud accounts for 40% to 80% of losses. With multiple types of fraud causing losses across the business, protecting digital security is imperative for businesses of any size. While major online and brick-and-mortar retailers have robust security practices, 43% of SMBs lack a formal cybersecurity program and 63% have reported a data breach in the past 12 months.
These data breaches are increasing in frequency. Norton reported 3,800 publicly disclosed breaches in 2019, an increase of 54% from the year prior. More stunning yet is the 141% increase in records exposed in 2020.
Breaches cost more than just the dollars paid in ransomware demands or settlements. Research shows a 42% brand degradation after a breach, and 40% report disruptions to operations as a result, causing further losses to the business. It’s safe to say that data is not safe, and it’s important for businesses to focus on protecting the customer data they use to grow their revenue.
A great place to start in securing the business is doing a digital security audit. This can be done internally, but an external audit may be more illuminating and thorough – especially if your cybersecurity program is not mature.
Always have the most updated versions of your software installed
Basic cyber hygiene is the most important place to start when evaluating the cybersecurity of your business. A major miss for many organizations is consistently patching devices with access to sensitive information. Software updates are critical to maintaining security, and patch management systems are often not as comprehensive, timely or prioritized as they should be to maintain secure operations.
Patches and software updates protect devices against vulnerabilities that have been exposed and since rectified by the vendor. Organizations should prioritize getting all devices, especially POS systems, up to date as part of their basic cyber hygiene initiatives.
Set the right user permissions
Businesses must also look at who has access to systems and ensure the correct permissions are in place. When an employee is onboarded, they get access to internal systems. Ensuring they have the right access is important and should be audited regularly.
In the case of point of sale systems, you must enable or restrict access to different POS features based on employee roles. For example, while cashiers are allowed to process sales, managers should be the only people who can process returns or refunds.
Another consideration is employee off-boarding. When an employee exits your organization, it’s critical to revoke access and devices. This may seem like common sense, but on-boarding and off-boarding practices should be audited and evaluated for security.
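One way to run the permission and off-boarding audit described above, as an added example (not code from the original article or from any POS vendor). The roster, account list, and permission names are constructed assumptions; a real audit would export them from the HR system and the POS.

```python
from dataclasses import dataclass

# Assumed policy following the article's rule: cashiers process sales,
# only managers process returns or refunds. Permission names are hypothetical.
ROLE_PERMISSIONS = {"cashier": {"sale"}, "manager": {"sale", "return", "refund"}}

@dataclass(frozen=True)
class Account:
    username: str
    employee_id: str
    permissions: frozenset
    enabled: bool = True

def audit_pos_access(roster, accounts):
    """Return sorted (username, finding) pairs; roster maps employee_id -> (role, status)."""
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # disabled accounts cannot log in; nothing left to revoke
        record = roster.get(acct.employee_id)
        if record is None:
            findings.append((acct.username, "no matching employee record"))
            continue
        role, status = record
        if status != "active":
            findings.append((acct.username, "off-boarded employee still has access"))
            continue
        excess = acct.permissions - ROLE_PERMISSIONS.get(role, set())
        if excess:
            findings.append((acct.username, "excess permissions: " + ", ".join(sorted(excess))))
    return sorted(findings)

# Constructed sample data (not from any real system)
ROSTER = {
    "E100": ("cashier", "active"),
    "E101": ("manager", "active"),
    "E102": ("cashier", "terminated"),
}
ACCOUNTS = [
    Account("amy", "E100", frozenset({"sale", "refund"})),            # cashier who can refund
    Account("raj", "E101", frozenset({"sale", "return", "refund"})),  # manager, within policy
    Account("lee", "E102", frozenset({"sale"})),                      # left the company
    Account("kim", "E102", frozenset({"sale"}), enabled=False),       # already disabled
    Account("tmp-install", "V900", frozenset({"sale"})),              # no owner on the roster
]

if __name__ == "__main__":
    for username, finding in audit_pos_access(ROSTER, ACCOUNTS):
        print(f"{username}: {finding}")
```

Accounts with no roster match are reported separately because they need an owner identified before they can be judged against a role.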
Enable multi-factor authentication
Password management may seem rudimentary, and it is. Enabling multi-factor authentication (MFA) for key systems like your POS software can help decrease the risk of password compromise and is a worthwhile investment.
This can take many forms, from apps installed on employees’ personal devices to text or email authentication codes when logging in to unfamiliar devices. Depending on the size of your organization and type of work being done, there are many solutions available to fit your needs.
Vend Tip
If you’re using Vend, you can enable multi-factor authentication to add a layer of security to your POS and ensure that fraudsters don’t gain access to your data.
Educate your team on data breaches and cybersecurity
Most cyber incidents are caused by human error. Common causes for these incidents include poor password management leading to account compromise and phishing. A major part of cyber hygiene is cyber awareness. No matter the size of the organization, if you have employees with access to systems, data and payment information, you have risk. Businesses of all sizes must educate their workforce on good cyber habits.
One way to do this is to relate security awareness to employees’ personal lives. If an individual recognizes the risk of their personal passwords and payment information being compromised, they can better understand the impacts to the business.
Though this is the bare minimum, understanding the “why” behind these cyber initiatives can often help increase attention towards protecting sensitive information. Many organizations use compliance training, email communication about initiatives, and phishing exercises to build awareness across the organization. These initiatives are fairly simple to implement and a good start towards better securing the business.
Regularly audit who has access to your systems
It’s not just employees with access to systems that must be evaluated. Third-party vendors and contractors are also potential risks to your cybersecurity.
Audit who and what applications have access to systems and analyze how external parties with access to your data are managing their security programs. Taking these steps will help you evaluate how safe and secure your data is.
Separate your POS network from guest WiFi
Another risky access point for brick-and-mortar retailers is WiFi. If embarking on a cybersecurity mission, start by separating internal and guest networks. Keeping POS systems separate from other networks provides an additional layer of security and reduces risk of malicious access.
The secure way forward
Industry data shows that 24% of all cyberattacks target retailers, due in large part to the amounts of sensitive customer information which can be compromised in a breach.
Digital retail reached a 209% year-over-year growth in revenue in 2020. While life is returning to normal in the wake of COVID-19, online shopping and new retail habits are here to stay. But the growth in digital retail attracts increased fraud as businesses work to keep up with demand. Because of this, retail is targeted more heavily by cybercriminals, and retailers must be mindful of these threats in order to stay ahead of cybercrime trends.
Retailers seeking to improve their digital security should consider taking measures swiftly to protect their business and customers. The first step is conducting an assessment of security posture and taking action to mitigate the most pressing risks.
Dedicating time and resources to this endeavor can be time-consuming and potentially costly. Depending on the present state of security, major upgrades and security measures may need to be implemented.
This can be daunting to consider, but ask yourself: what happens if a breach occurs and these measures were not in place?
About Francesca Nicasio
Francesca Nicasio is Vend’s Retail Expert and Content Strategist. She writes about trends, tips, and other cool things that enable retailers to increase sales, serve customers better, and be more awesome overall. She’s also the author of Retail Survival of the Fittest, a free eBook to help retailers future-proof their stores.