The age-old saying ‘prevention is better than cure’ certainly rings true when you’re looking at cyber security.
Retail is an increasingly attractive industry to cyber criminals due to its highly distributed environment with multiple endpoints and point of sale devices, and the large volume of personal information it contains, such as credit card data.
Retail is leading the way for the most cyber attacks per client of any industry, says the 2016 NTT Global Threat Intelligence Report. Coming in second is the hospitality, leisure and entertainment sector, followed by insurance, government, and manufacturing.
The retail sector had 2.7 times as many cyberattacks as the finance industry, which topped the list in the 2015 report and dropped to fourteenth spot in 2016.
Remaining vigilant and ensuring your stores remain untouched means taking some smart steps to protect your brand.
Tips for a healthy network
Typically, in-store network security is much more relaxed than support office security, particularly in franchise businesses, as they may be using local IT providers who aren’t necessarily following best-practice security methods.
Firstly, I would advise using a standard IT provider across the company and franchises.
Once a year it’s also worth approaching security audit specialists for an audit of security which helps to keep IT providers honest.
Cyber attacks are not always initiated from the outside. Sometimes they are caused by someone locally doing something which is unsafe, either knowingly or unknowingly. Everyone knows the aptly named ‘Trojan’ scenario.
The premise is this: if an attacker can get something inside a network, and it activates and makes an outbound connection, then the hacker has a window into the network and a starting point to do whatever they want.
The first step in making locally triggered attacks harder is computer-based protection:
- Antivirus
- Firewalls
- Windows updates
Staff policies
- Do not use flash drives
- Do not download anything
Next, try to prevent cyber attacks from the outside with network-based protection:
Pure WAN/VPN connection for stores
- Ensuring appropriate firewalls restrict any entry from non-WAN sources into the local store
SQL authentication connection security
- For example, DIA/Government integrations, where the SQL users for the connection are different from the local software SQL users
Signed SSL certificates for web services and integration points
Corporate encrypted WiFI in-stores
- Don’t rely on just standard WPA or WEP
- Include whitelisting in-store devices on the business network
Separate networks for guest and staff devices
- For example, don’t let your staff connect to the network which POS and other business critical systems use
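To make the network-based rules above concrete, here is an added example (not code from the original article) of a small policy checker: it reads constructed firewall log lines and flags traffic that breaks three of the rules listed, namely only WAN/VPN sources may reach the store's business network from outside, guest-network devices must never reach the POS/business subnet, and only whitelisted devices may talk on the business network. The subnets, MAC addresses, whitelist and log format are all assumptions made up for this example; a real store would substitute its own ranges and its firewall's actual log format.

```python
"""
Added example, not part of the original article: a policy checker for
store firewall logs. Every subnet, MAC address and log line below is
constructed for illustration.
"""
import ipaddress
import re

# Assumed store addressing (constructed for this example).
BUSINESS_NET = ipaddress.ip_network("10.20.0.0/24")   # POS and back-office systems
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")    # customer WiFi
WAN_VPN_NETS = [ipaddress.ip_network("10.0.0.0/16")]   # head-office / VPN ranges

# Assumed whitelist of in-store device MACs allowed on the business network.
WHITELIST = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}

# Assumed log format: "src=<ip> dst=<ip> mac=<source mac>".
LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) mac=(?P<mac>\S+)")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "mac": m["mac"].lower(),
    }


def check(event):
    """Return the list of policy violations for one parsed event."""
    findings = []
    src, dst, mac = event["src"], event["dst"], event["mac"]
    if dst not in BUSINESS_NET:
        return findings  # only traffic into the business network is policed here
    if src in BUSINESS_NET:
        # Internal traffic: the source device must be on the whitelist.
        if mac not in WHITELIST:
            findings.append("non-whitelisted device on business network")
    elif src in GUEST_NET:
        # Guest WiFi must be fully separated from POS / business systems.
        findings.append("guest device reached business network")
    elif not any(src in n for n in WAN_VPN_NETS):
        # Anything else entering must come over the corporate WAN/VPN.
        findings.append("inbound to business network from non-WAN source")
    return findings


def audit(lines):
    """Run every log line through the policy; return (line, findings) for violations."""
    report = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        findings = check(event)
        if findings:
            report.append((line.strip(), findings))
    return report


# Constructed sample log lines for the example.
SAMPLE_LOG = [
    "src=10.0.3.7 dst=10.20.0.10 mac=aa:bb:cc:00:00:01",        # head office over VPN: allowed
    "src=10.20.0.11 dst=10.20.0.10 mac=aa:bb:cc:00:00:02",      # whitelisted POS terminal: allowed
    "src=10.20.0.12 dst=10.20.0.10 mac=de:ad:be:ef:00:01",      # unknown device on business LAN
    "src=192.168.50.23 dst=10.20.0.10 mac=11:22:33:44:55:66",   # guest WiFi reaching POS server
    "src=203.0.113.5 dst=10.20.0.10 mac=00:00:00:00:00:00",     # internet source hitting POS
    "src=192.168.50.23 dst=203.0.113.9 mac=11:22:33:44:55:66",  # guest to internet: not policed
]

if __name__ == "__main__":
    for line, findings in audit(SAMPLE_LOG):
        print(line, "->", "; ".join(findings))
```

Running the script reports three of the six sample lines: the unknown device on the business LAN, the guest device reaching the POS server, and the internet source reaching the POS server. The same check works as a periodic audit over exported firewall logs, and each finding maps back to one of the rules in the list above so it is clear which control is missing.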