10 tips for tribal retailers to fight holiday cybercrime

Holiday festivities, celebrations and shopping are underway across the country. Credit cards are pulled out more often. Businesses are – well, busier. It’s a make-or-break time of the year for most retailers. And cyber criminals know it. That’s why they’re also more active right now. And that’s why we’re providing these 10 tips for retailers to fight holiday cybercrime, defending your tribal business – and your clients – against cyberattacks.

It bears repeating: sophisticated hackers recognize that most small businesses don’t have a cyber security plan, and as a result, attackers are increasingly targeting small businesses. According to Business News Daily, a 2022 CNBC|Survey Monkey Small Business Survey revealed less than half of respondents said they’d taken concrete steps toward implementing data security measures.   even though almost two-thirds of small businesses have been victims of cyber security crimes. According to strongdm here are small business cyberattack overview statistics:

•  46% of all cyber breaches impact businesses with fewer than 1,000 employees.
• 61% of SMBs were the target of a Cyberattack in 2021.
• At 18%, malware is the most common type of cyberattack aimed at small businesses.
• 82% of ransomware attacks in 2021 were against companies with fewer than 1,000 employees.
• 37% of companies hit by ransomware had fewer than 100 employees.
• Small businesses receive the highest rate of targeted malicious emails at one in 323.
• Employees of small businesses experience 350% more social engineering attacks than those at larger enterprises.
• 87% of small businesses have customer data that could be compromised in an attack.
• 27% of small businesses with no cybersecurity protections at all collect customers’ credit card info.

“Retailers are like catnip to cybercriminals because of the wealth of customer data stored on their networks,” RetailDive.com reports. The article quotes Paul Truitt of cybersecurity services/managed network solutions firm SageNet, “There’s a lot of data around shopping habits and purchasing patterns now being stored by retailers — information they never had before. If you’re tying a loyalty program to a mobile payment program, those payment programs are bringing more sensitive data into the retail organization than in the past, and that’s what criminals are looking for.”

Related: Retail data breaches: How you can learn from others’ mistakes

Once the hack is known, “Your public perception takes a hit, there’s customer churn, and the fines and penalties are increasing,” the article stated.

Retailers can fight holiday cybercrime with these 10 steps

Taking steps to build up your cyber defenses are well worth your time and the small expense incurred. Here are 10 ways you as a retailer can fight holiday cybercrime and safeguard your company, employees and customers:

1. Secure physical defenses. Never leave a cash register, computer or tablet unattended. Maintain security cameras in check-out lines. The main goal here is to keep any unauthorized person from getting near your computers or registers. Limit who has access to your data and network. Know what’s being shared and what hardware is leaving your building, such as laptops and thumbdrives.
2. Invest in EMV. If your establishment still uses the traditional “swipe-and-sign” credit card readers, it’s time to consider investing in EMV chip readers that effectively block card cloning and other nefarious tactics.
3. Install software patches and firewalls. Ensure your system has a robust firewall in place, then review the security settings on your browser, email programs and software. Choose system options that meet your business needs without increasing risk: sometimes it can be a fine balance. Install and update spyware, anti-virus and malware software on a regular basis. These will help detect and prevent assaults on your network.
4. Taking work home? Don’t work from home on the same computer that your kids play games on or your teens access their social media from. Those are all-to-easy ways to be hacked.
5. Limit WiFi networks. Monitor the use of mobile devices and public WiFi access for employees. Make it abundantly clear what can be transmitted using a public WiFi and what should never be transmitted. Employees should use public Wi-Fi only in very limited circumstances, because hackers can easily intercept public Wi-Fi. Any data that shouldn’t be made public, such as proprietary business or customer information or credit card numbers should not be transmitted or accessed through public Wi-Fi.

Related: How a safety retail audit can drop your shop’s risks 

1. Strengthen passwords. Another way retailers can fight holiday cybercrime is to make your passwords more robust. An easy deterrent, all passwords should be at least 8-10 characters long, made up of letters, numbers, capitalized letters and special characters. Change them at least 3-4 times a year. Don’t share your passwords; require employees to create their own.
2. Train employees. Your workers are your first line of defense, so teach them how to protect sensitive information, particularly if they have a business email account at your establishment or have Internet access. Discuss and test commonly used email or social media phishing tactics, with employees. Carefully select online computing services, because information you share can be compromised by their systems. Set social network profiles to private and check security settings. Be mindful of what information you post online.
3. Secure data. Ensure that any sensitive data you transmit is encrypted by the retail service’s software, particularly if you offer online shopping. Your software solutions must include end-to-end software encryption, another level of security that prevents hackers, internet service providers or any other third party from accessing, stealing or damaging cardholder data or other information during its transfer from one system or device to another. It’s also a good idea to house any employee data on a dedicated computer; limit access to this computer.
4. Scrutinize vendors. Selecting your online computing services with caution is another way retailers can fight holiday cybercrime. Any data shared with vendors can be compromised by their unguarded system – and you will be held at least partially responsible.
5. Have a breach plan. Plan for the worst. If a breach occurs, how will it be managed? Have a clear protocol for who will manage the situation and what steps should be taken, including notifying Arrowhead Tribal.

While cyber security poses a serious threat, tribal businesses can get risk management help from Clear Risk Solutions, our risk assessment and loss control partner.

Clear Risk Solutions can assess a company’s cyber security risk and help the owner create a strategy through education, evaluation and planning. This can include recommendations, employee training and tips for best practices.

Resources:

Cybersecurity Best Practices for Tribal Government

5 Essential Cybersecurity Tips for Every Small Business Owner

Four Recommendations for State and Tribal Governments Formulating Their Cybersecurity Plans – Information Technology Industry Council