Cybersecurity & Retail: 3 Essential Components

Over the last few months I think all of us have seen our favorite neighborhood stores implement contactless payments, and utilize connected devices, both tablets and smartphones, to facilitate curbside pickups. And many restaurants have quickly launched e-commerce sites to ship recipe kits and spices. These changes have made a difference not only in providing safety measures, but in giving businesses the potential to thrive in times that are unprecedented, troubled, turbulent--well, pick your favorite term. 

And while digital technology has made the ability for our favorite stores to adapt to changing needs a lot easier, it also created new cybersecurity risks that also need to be addressed. Think about all the information that is being gathered into the cloud, passed between devices, and communicated over the internet.

I asked cybersecurity expert Helen Yu what retailers should be doing right now to increase their security. For Helen, it starts with a change in perception: 

“Retailers need to shift from compliance-driven security to resilience-driven security. This means shifting from viewing security as a checkbox to embedding security as part of strategy and decision making, she says. “Investment needs to be made in establishing governance processes, assessment of threat landscape, educating and upskilling workforce, neutralizing third party risks, and technology to monitor progress.”

Retailers must take a multilayered, strategic approach to cybersecurity. There are three essential areas to focus on with cybersecurity for retail: Internet of Things (IoT) Security, Cloud Security and DDoS Defense. 

1. IoT Security and Endpoints

IoT devices give retailers enhanced visibility into everything from supply chain to warehouses to customer journey data. Most of this is facilitated by endpoints like tablets, POS systems, and computers that communicate through a shared network.

While having multiple endpoints helps track inventory and customer transactions, each one presents an entryway for hackers. Think of the network as your house, and all the endpoints are doorways inside. If you don’t keep the doors locked, all the information inside your network is at risk of a cybersecurity breach. 

According to Helen Yu, securing these endpoints should be a top priority. “It is critical to focus on consumer data protection and strong endpoint security on point-of-sales systems,” she says. Investing in services that protect your network and endpoints is a must. Here are some best practices to keep in mind:

●      DO get your devices from a vendor you trust. Working with good vendors ensures the integrity of your hardware.

●      DON’T use default passwords. The stronger your passwords are, the harder they will be for hackers to compromise. 

●      DON’T connect your devices to public WiFi. Create your own network with another unique password. OR use cellular enabled devices.

●      DO make sure your firmware is up to date. Otherwise, you risk your software not working smoothly or securely.

●      DO use multi-access edge computing to gain additional security and control. It enables you to choose which data to process onsite and which gets sent out to the cloud.

2. Cloud Security and Data Storage

If IoT is how information transfers through a retail experience, the cloud is often where the data is stored. Most retailers operate on a public cloud--in fact, 91% of all businesses do, according to a 2019 report.      If you are one of these businesses, this means you are actually sharing cloud space with other companies. 

Because of their shared nature, public clouds offer less security and limited control. If you want to know the full extent of where there may be gaps in your protection, consider taking a Network Vulnerability Assessment. 

For long term support, fortify your cloud cybersecurity with managed threat detection and response. That means 24/7 monitoring of your cloud data, plus a team of experts ready to respond if there is an attempted attack and to mitigate damage in the event of an actual breach. 

3. DDoS Attacks and Defense 

DDoS stands for Distributed Denial of Service. Hackers will use scripted bot traffic to flood a network so it can no longer accept any new requests, blocking legitimate traffic.

DDoS defense is especially important as the holidays come around. Forbes reports that e-commerce demand for retail is predicted to spike up to 35% more than past seasons. Your shoppers are online, and a DDoS attack will compromise sales and negatively affect their experience.

As with cloud security, you can also gain network defense through a monitoring solution. Michael Colaneri, VP of Retail, Restaurant and Hospitality at AT&T, observes: “AT&T Business offers both proactive and reactive monitoring to block DDoS attacks. Additionally, adding monitoring to your networks application layer--the layer of your network that your customers interact with--will also build a defense against DDoS attacks being launched against your network.” 

Future Proofing with Retail Cybersecurity 

While this year has been challenging--to say the least-- retailers small and large have adapted and reinvented how they do business. E-commerce, IoT, and cloud-based technologies have all bolstered these efforts, and with the holidays just around the corner, the future looks promising. 

It’s impossible to know exactly what’s to come next, but investing in cybersecurity for retail is a tangible way to help future proof your business. 

Want a more in-depth look at how to strengthen cybersecurity for your retail business? Watch The Science of Cybersecurity: Digital Transformation in Retail. Theresa Lanowitz, director of AT&T Cybersecurity, joins Courtney Radke from Cortinet National Retail CISO for an in-depth discussion on trends, challenges, and actionable tips. Click the link above to watch on-demand.