Worldwide, online shoppers are being cautioned about Black Friday and Cyber Monday sales, as the season gives cyber criminals additional opportunity to steal payment data via online shopping sites.
Black Friday sales could be targeted as “prime pickings” for cyber-crime, the UK’s National Cyber Security Centre has warned shoppers, along with its Australian and US national security equivalents, as the silly season approaches with a forecast of record online sales leading up to Christmas.
Retailers Naughty and Nice List
Retailers have also been put on notice: Santa’s naughty and nice list of cyber secure retailers, showing who is storing shoppers’ private information securely and taking their cyber security responsibilities seriously, has been published by LastPass.
With the Christmas season fast approaching, research by LastPass has revealed that retailers still have work to do to encourage strong password security and support two-factor authentication (2FA).
Apple is the most secure U.S. online retailer for customers, followed by Best Buy, The Home Depot, Amazon and Qurate Retail Group (owner of QVC, HSN and Zulily).
So who’s been naughty? Topping that part of the list is e-commerce furniture company Wayfair, followed by Walmart, eBay, Macy’s and Costco. In conducting the research, LastPass examined 17 criteria related to the account, password and website security features of top retailers.
LastPass said it wanted to present consumers with guidance as to which sites best protected their personal information from data breaches. Among the criteria for the research: password requirements; the use of security questions; personal information collected; use of two-factor authentication; social media logins; and how forgotten passwords are handled.
Lots of opportunity
This is the time of year when savvy cyber criminals see an opportunity. Last year, the Carbon Black Threat Analysis Unit reported that organisations saw a 20.5 percent increase in attempted cyber attacks between November and December 2016. This seasonal period is a goldmine for the latest generation of hackers to steal customer credentials, as well as a cause of damage to a retailer’s reputation.
Steps to be a cyber safe retailer
For online retailers, the challenge remains to stay one step ahead when it comes to protecting customer data and keeping web sites and supporting infrastructure up and running. To stay secure this festive season, retailers need to invest in encrypting data at rest and in transit in addition to their normal mitigation activities.
These tactics have to be top of mind if retailers want to stay one step ahead and keep critical customer data safe:
1. Encrypt all data stored
2. Avoid using unsecured email to send customer data.
3. Ensure all admin passwords are updated to strong passwords
4. Increase your cyber security team to monitor transactions
5. Warn shoppers on how to be safe online
6. Educate staff to not click on any emails they are not expecting.
You’re exposed. There are a lot of different ways that attackers can gain access to your systems. But if your data is encrypted, it is totally useless to them. Ensure that you have looked at all the ways that you are vulnerable and fix them. With a greater proliferation of devices, and indeed data, now stored in a physical shop, there are more ‘ways in’ for hackers to infiltrate the network.
1. Your databases
2. Third party providers
4. Smart systems used in store
5. Ensure all cloud platforms are encrypted
6. Your online stores and websites
Rewarding employees to prevent a cyber breach
Whilst there is a lot of finger pointing at employees as one of the biggest cyber risks within an organisation, some companies are taking employee training to the next level and encouraging active participation in preventing cyber attacks (but sadly not enough in retail).
Findings from CyberArk’s annual Threat Landscape report revealed that only 39% of IT decision makers working in retail would reward employees who helped to prevent a security breach in 2018. This lags behind IT telecoms at 62% and healthcare at 42%. Clearly, this sector has to innovate and learn how to incentivise a culture of cyber security best practice. Brand reputation and retaining a solid customer base depends on it.
Typically, the retail sector has lagged behind other sectors, as it often employs IT contractors rather than in-house staff to be up-skilled and trained in cyber security best practice. The fight against cyber-attacks has to involve all employees, right from the staff on the shop floor through to the chief technology officers behind major online brands.
Retailers have an obligation to their customers
A greater understanding of “good cyber practices or staying safe online” can also be applied to shoppers. Many fall victim to phishing scams.
Emails or adverts that look like they are from their favourite retailers offering special deals may actually lead to malicious websites or fake domains.
Consumers should think twice about saving their credit card details on a site. As criminals look to hack many retailers this Cyber Monday and throughout the festive period, it is safer in many instances to not save sensitive details.
Whilst the holiday season offers retailers a huge opportunity to engage with customers and boost profits – they must ensure that they have taken every measure possible to safeguard against cyber-attacks in the process.
Quick and convenient deals to bring in the customers should not be at the expense of security or good cyber hygiene, and a failure to protect customers from the cyber threat has the potential to cause reputational damage and significant costs.
Cyber security is a year-round commitment.
To read more about how to securely store and share information that matters see our Cryptoloc Technology solutions.