Cyber attacks in the retail and FMCG sector are not confined to ecommerce businesses such as with online payment fraud or distributor denial of service (DDoS) attacks. While these are a concern for many retailers selling online as well as in store, cyber attacks affect all merchants.
That’s because it’s not just about stealing goods or extorting money through ransoms in the case of DDoS attacks; it’s also about stealing data. That data could be your customers’ information – whether for identity theft or for gaining access to their finances – or your employees’ and suppliers’.
As the retail sector gears up for the holiday season merchants are particularly vulnerable, with cyber criminals and hackers looking for easy pickings when retailers are too busy to protect their business adequately, and where cyber security is lax.
At this time of year there are a number of things to look out for:
Protecting your employees’ data: if you employ a seasonal workforce you have a legal obligation to protect their identity and information. With GDPR coming into play next year, now is a good time to make sure that data is secure and properly managed. While it may be tempting to overlook this for seasonal employees who may be with you for only a few short weeks, their data is just as valuable to a hacker or cyber criminal as your permanent employees’.
Protecting your customers’ data: retailers are vulnerable to attack precisely because of the data they store. Your customer data is a valuable commodity and as sales peak your business will also be peaking in terms of the volume of data being processed and stored. Systems must be in place to keep it secure, and ensure that your business has capacity to handle this volume. If employing seasonal staff, it is essential that proper training is given to protect your customers’ data, and ensure they comply with your cyber security policies and procedures.
Insider threats: not all cyber attacks come from external actors; in fact 60% of breaches are linked to insiders. They may be employees, contractors, 3rd party providers or suppliers. If your business is introducing any new parties or systems to support the Christmas sales period, these need to be verified and robust cyber security measures applied to reduce the risk of insider threats. This includes securing the data flowing up and down the supply chain.
Supply chain vulnerabilities: external threats may also be closer to home than you may think. Throughout the supply chain there are many individuals who have contact with your business who, unless properly monitored and protected, may be able to access your data or systems. Your data is your responsibility, especially the data your business manages and stores data on individuals, therefore it’s your responsibility to ensure it is safe not other people and businesses in the supply chain.
Digital technology: there are many innovative technologies available that can help your business capitalise on sales in November and December. Some will help you reach more customers and sell on different platforms; others streamline the supply chain and delivery model. While these can drive sales and revenue, they can also introduce a new risk to your business. For example, malicious code in a plugin could give a hacker access to your website and from there they could access other systems such as your CRM.
Website and IT systems: while theft of data is the most significant security risk, attacks that disrupt business are also prevalent. Can you afford to lose customers and sales because your ecommerce site is down, or your IT systems that manage orders cannot be accessed? A cyber attack could also affect your bricks and mortar store, physically disrupting your ability to trade with DDoS attacks on business critical systems.
What can retailers do?
The first step is for a full audit to take place on all systems and processes that are vulnerable to attack, assessing the risk and putting in place preventative measures. Next is having robust, tried and tested, business continuity and disaster recovery plans to ensure that in the event of an attack disruption to business is minimised.
Finally, cyber protection tools such as real-time security monitoring should be deployed to proactively detect threats and address them before they become a problem. Ensuring that your business can continue to trade at this busy time of year, and into 2018.
To explore this subject in more detail, or discuss your specific business requirements, please get in contact for a chat. Call 0808 164 8732 or email firstname.lastname@example.org