10 tips for tribal retailers to fight holiday cybercrime
Holiday festivities, celebrations and shopping are underway across the country. Credit cards are pulled out more often. Businesses are – well, busier. It’s a make-or-break time of the year for most retailers. And cyber criminals know it. That’s why they’re also more active right now. And that’s why we’re providing these 10 tips for retailers to fight holiday cybercrime, defending your tribal business – and your clients – against cyberattacks.
It bears repeating: sophisticated hackers recognize that most small businesses — 79 percent, according to PropertyCasualty360 — don’t have a cyber security plan, even though almost two-thirds of small businesses have been victims of cyber security crimes. Here’s the way it breaks out for attacks against small businesses:
- 44% experienced a computer virus
- 30% fell victim to a phishing attack
- 22% had a Trojan horse attack
- 16% were hacked
- 11% experienced a data breach
- 10% had problems due to unpatched software
- 9% experienced unauthorized access to customer information
- 8% experienced unauthorized access to company data
“Retailers are like catnip to cybercriminals because of the wealth of customer data stored on their networks,” RetailDive.com reports. The article quotes Paul Truitt of cybersecurity services/managed network solutions firm SageNet, “There’s a lot of data around shopping habits and purchasing patterns now being stored by retailers — information they never had before. If you’re tying a loyalty program to a mobile payment program, those payment programs are bringing more sensitive data into the retail organization than in the past, and that’s what criminals are looking for.”
Once the hack is known, “Your public perception takes a hit, there’s customer churn, and the fines and penalties are increasing,” the article stated.
Retailers can fight holiday cybercrime with these 10 steps
Taking steps to build up your cyber defenses are well worth your time and the small expense incurred. Here are 10 ways you as a retailer can fight holiday cybercrime and safeguard your company, employees and customers:
- Secure physical defenses. Never leave a cash register, computer or tablet unattended. Maintain security cameras in check-out lines. The main goal here is to keep any unauthorized person from getting near your computers or registers. Limit who has access to your data and network. Know what’s being shared and what hardware is leaving your building, such as laptops and thumbdrives.
- Invest in EMV. If your establishment still uses the traditional “swipe-and-sign” credit card readers, it’s time to consider investing in EMV chip readers that effectively block card cloning and other nefarious tactics.
- Install software patches and firewalls. Ensure your system has a robust firewall in place, then review the security settings on your browser, email programs and software. Choose system options that meet your business needs without increasing risk: sometimes it can be a fine balance. Install and update spyware, anti-virus and malware software on a regular basis. These will help detect and prevent assaults on your network.
- Taking work home? Don’t work from home on the same computer that your kids play games on or your teens access their social media from. Those are all-to-easy ways to be hacked.
- Limit WiFi networks. Monitor the use of mobile devices and public WiFi access for employees. Make it abundantly clear what can be transmitted using a public WiFi and what should never be transmitted. Employees should use public Wi-Fi only in very limited circumstances, because hackers can easily intercept public Wi-Fi. Any data that shouldn’t be made public, such as proprietary business or customer information or credit card numbers should not be transmitted or accessed through public Wi-Fi.
- Strengthen passwords. Another way retailers can fight holiday cybercrime is to make your passwords more robust. An easy deterrent, all passwords should be at least 8-10 characters long, made up of letters, numbers, capitalized letters and special characters. Change them at least 3-4 times a year. Don’t share your passwords; require employees to create their own.
- Train employees. Your workers are your first line of defense, so teach them how to protect sensitive information, particularly if they have a business email account at your establishment or have Internet access. Discuss and test commonly used email or social media phishing tactics, with employees. Carefully select online computing services, because information you share can be compromised by their systems. Set social network profiles to private and check security settings. Be mindful of what information you post online, suggests a PropertyCasualty360 article.
- Secure data. Ensure that any sensitive data you transmit is encrypted by the retail service’s software, particularly if you offer online shopping. Your software solutions must include end-to-end software encryption, another level of security that prevents hackers, internet service providers or any other third party from accessing, stealing or damaging cardholder data or other information during its transfer from one system or device to another. It’s also a good idea to house any employee data on a dedicated computer; limit access to this computer.
- Scrutinize vendors. Selecting your online computing services with caution is another way retailers can fight holiday cybercrime. Any data shared with vendors can be compromised by their unguarded system – and you will be held at least partially responsible.
- Have a breach plan. Plan for the worst. If a breach occurs, how will it be managed? Have a clear protocol for who will manage the situation and what steps should be taken, including notifying Arrowhead Tribal.
While cyber security poses a serious threat, tribal businesses can get risk management help from Clear Risk Solutions, our risk assessment and loss control partner.
Clear Risk Solutions can assess a company’s cyber security risk and help the owner create a strategy through education, evaluation and planning. This can include recommendations, employee training and tips for best practices.
Agents can help small businesses fight cyber crime during the holidays
‘Tis the season for cyber attacks: 6 ways to protect against breaches
What retailers need to know about cybersecurity
The Future of Fighting Retail Cyber Crime