Keeping the business, employees and customers safe is the biggest priority of a business owner. Threats come from all sides, not the least of which being theft. Unfortunately, even stealing has evolved with rising technology. Your products aren't the only things at risk of being taken. If you have customers using credit and debit cards or shopping online, you're collecting their information and creating a new target for thieves.
Hackers can steal identities and money or even shut down your business for however long they like. The key is understanding and recognizing attacks so that you can mitigate risk and loss.
Breaches of the Past
A very memorable and recent retail breach was the 2013 attack on Target. Over 40 million accounts had their credit card information stolen, and the theft went unnoticed for several weeks. As a result, Target had to announce the breach during their critical holiday shopping season. Net earnings fell 46 percent for the quarter. In January 2015, Target was ordered to pay $17 million for a class action lawsuit.
In 2014, Home Depot was also hit with a cyber attack affecting 50 million accounts. These types of attacks happen regularly, few being caught within the same month. These higher-profile attacks, like Target and Home Depot, are rarer than ones on small businesses, but they do occur. The defenses large corporations already have in place deters most hackers. Unfortunately, that doesn't always work.
What Needs Protection?
Just like any physical product, your most valuable assets are what need the most protection. That means client information, of course, but it also covers the hardware used in your stores. Point-of-sale machines, or PoS machines, are big targets for hackers to access. Mobile phones and other devices with access to your business' cloud server are also at risk.
Surprisingly, if you utilize CCTV cameras, they may also pose a problem. A lot of CCTV cameras can be accessed online publicly, changing who is watching your store from your employees to just anyone. Investing in software tools to keep people away from your vulnerable hardware is the first step to securing your information.
Cybersecurity threats vary but can be boiled down to two categories: people and technology. The people aspects come in from everyday petty thieves to full-blown organized crime. There could also be people inside of your business, whether they're employees or valued customers, with malicious intent for the company.
Technology's rapid evolution from year to year is the biggest downfall for security. Getting the latest tech for your business could mean putting the company at higher risk — nothing has been put through the paces, which makes everything more vulnerable. This issue could be one reason that ransomware, a malware attack that involves someone holding data for ransom, is on the rise. In 2016, there were 638 million reported ransomware attacks in businesses.
There are ways to protect yourself and your business from cyber attacks. Including a change of management — like keeping passwords secret and locking up devices not in use — certain government standards must be adhered to for everyone's safety. The Payment Card Industry Data Security Standard, or PCI DSS, is meant to be kept compliant across all card readers, routers, networks, servers and even paper files.
The PCI DSS makes companies liable for attacks by giving them the responsibility to actively monitor and take inventory of IT assets. The PCI Security Standards Council recommends eliminating cardholder data unless necessary and keeping strong communication with card brands and banks. Being PCI-compliant starts with keeping the customers' safety ahead of all other priorities.
Keeping Hardware Safe
The worst attacks happen right in the store, not on the other side of the globe. Someone leaving passwords on notepads or unattended equipment is a thief's dream. Even human error on your employees' part can lead to massive amounts of trouble. If a device with PoS software is lost or stolen, anyone with access can view customer records.
All devices have to locked down, even if the extra task is tedious. Sometimes, investing in better PoS equipment can make a big difference in what gets stolen and who gets caught. Making sure all devices are accounted for at the end of each day and securing information from even most employees can help cut down on potential threats.
Prepare for the Worst
The sad truth is that cyber attacks are inevitable. The best thing you can do is put up defenses to guard against hackers and comply with laws to protect your employees and customers alike. One of the best ways to always ensure that everyone is protected is to keep up a constant stream of communication.
In 2014, the Retail Industry Leaders Association launched an intelligence-sharing resource, because transparency in these matters should remain clear and vigilant. Retailers helping other retailers against attacks and standing strong together can benefit everyone involved — except the hackers.