Every year, we see more and more headlines about the growing number of data security breaches among retailers of all sizes. In fact, a recent industry survey noted that 50 percent of U.S. retailers reported they had experienced a security breach in the past year—and 75 percent stated they had been breached at least once in the past.1
At the heart of this disturbing trend is a growing gap between current retail security measures and evolving cybercrime threats. The reality is that in today’s more mobile and digitally driven marketplace, retailers need to protect against a wider array of potential vulnerabilities than ever before. Just consider the diversity of tactics used by hackers to carry out recent attacks on some of the industry’s biggest brand names:2
• Adidas: website vulnerabilities used to target online U.S. shoppers
• Sacks Fifth Avenue and Lord & Taylor: email phishing scheme used to breach the store payment systems
• Under Armour: unauthorized data access gained via the company’s MyFitnessPal app
• Ticketmaster: attacked via a vulnerability with a chatbot vendor
To help protect against this growing expanse of security threats, retailers need to cast a wider safety net that expands protections across a more mobile workforce and multi-channel marketplace. That not only means securing a broader base of user access points and technology, it also means guarding against user behaviors that can jeopardize security and using more advanced security measures to create built-in defenses for the data itself.
Think broader to beef up network security
Researchers predict that by 2021, 27 percent of corporate data traffic will bypass perimeter security and flow directly from mobile and portable devices to the cloud.3 For retailers, this only emphasizes the need to be increasingly vigilant about knowing which devices are connecting to their corporate network and what exposure they have to the open Internet. They also need to consider vulnerabilities created by BYOD and other consumer phone-based solutions that allow employees to access open, unsecure Wi-Fi networks that could put company and customer data at risk.
Engage employees in combatting web-based security threats
Mobile employees such as retail associates and other staff are often a prime target for various cybercrime tactics and schemes perpetrated via the web and email. For example, some 48 percent of email phishing attacks take place on mobile devices, and mobile users are three times more likely to bite than desktop users.4 Smart mobile security measures can help minimize risks, including web filters that block malicious websites, installing antivirus technology and enforcing regular security updates for all enterprise mobile devices. But the most critical line of defense is employee awareness. Retailers need to educate and train employees to be on alert to these and other mobile security risks that can put their information and your organization at risk.
Proactively monitor apps to minimize risks
Retailers are using more mobile apps than ever to streamline transactions, enhance workforce productivity, simplify management and support critical workflows. But as the number and variety of retail apps grows, so does the potential for employees to unknowingly download security risks right onto their devices. Companies can minimize app-based vulnerabilities by following a few basic best practices, such as using mobile application management to inspect and keep enterprise apps free of malware and privacy risks. It’s also critical to establish and enforce IT governance protections such as single sign-on, data wiping and jailbreak detection.
Prioritize and enforce device security measures
Busy retail environments are unfortunately ideal settings for mobile devices to be lost or stolen. Associates can get distracted or simply lose track of a device when assisting customers or completing tasks throughout the day. Despite this, many employees don’t utilize even the most basic security features to protect their devices from unauthorized users. In a recent study, in fact, 50 percent of professionals reported that they had no password, PIN, or biometric security guarding their work mobile devices.4 Strong IT governance is important, but proactive management and employee training are absolutely critical to reducing these risks.
Create a final line of defense with data encryption
Even with the most robust security measures in place, hackers may still find a way to access data. We’ve seen that happen in recent cyberattacks involving less traditional tactics such as exploiting system vulnerabilities of third-party contractors—an approach used in both the Ticketmaster and Under Armour breaches. Rather than trying to guard against all possible methods of attack, retailers can use encryption to add a final line of defense that protects the data itself from being readily understood or used by unauthorized individuals.
A variety of encryption solutions can be used to protect data that is at rest or in transit. To determine the right encryption solution, retailers should examine how data is used, stored, transmitted and accessed across wired and wireless networks, mobile devices, POS systems and even into the cloud and the Internet of Things (IoT).
When considering these and other security measures for your organization, be sure to work with an experienced, security-savvy mobile solution partner to help assess and address your specific needs, from choosing the most secure mobile solution device to deploying advanced capabilities like encryption to fortify data protection today and in the future.