The Covid-19 pandemic has hit retail hard, and it’s not only about the quarantine and the dropping demand. Retail has also seen a steady increase in cyberattacks. The havoc ensues just as the majority of retailers opt for remote working.
Is there a way to lower the cyber risks? Let’s look into the matter below.
Putting up security defense
To fight off security threats, you’ll need to develop a comprehensive strategy that covers all the specifics of your e-store operation and offers a clear action plan for dealing with outsider and insider threats. Dealing with external security threats almost always involves third-party consultants, but internal cyber-risks can be managed independently in cooperation with your employees.
Snakes in the grass
The recent 2020 Insider Threat report by Ponemon Institute revealed shocking data. Insider-triggered incidents have grown by 50 percent, and it’s not that employees are the malicious actors exploiting your trust. In fact, around 65 percent of security incidents happen due to employee negligence, and retail is among the notorious leaders with a 38 percent growth in insider threats over two years.
So is it possible to put an end to this? It is; but you can go even further and empower your staff to work toward incident prevention. Their education is the key here.
Educate your employees
Now that your staff is scattered all over the city or even the country, a consolidated security-centered approach is a must. What should you pay attention to?
Timely system updates
Do you remember the good old Windows 7? It gets no more updates from Microsoft, and yet about 30 percent of computers worldwide still run on this obsolete operating system. While you may fully control software updates on your premises, you have no power to do so in your employees’ home.
In fact, users often skip updates fearing some compatibility issues or just feeling comfortable as they are. So how can you motivate your employees to update? Do this by providing an inspiring example, and here’s one for you. The overwhelming 98 percent of WannaCry attacks that shook the world in 2017 were stopped altogether by ensuring timely system updates.
Smart email management
With an array of novel technologies like AI and NLP that are gradually making their way into the most conservative domains, the simple email still makes number one communication channel in retail. And here’s a security pitfall tagging along.
According to BakerHosteler's 2020 research, phishing and spoofing are still among the top security threats, both typically employed via the email channel. So training your staff to detect these types of attacks may prevent damage.
Phishing attacks consist in sending emails with some seemingly reputable content (graphs, stats, etc.) to motivate the recipient to provide their personal information. In this case, hackers count on the reputability of the source they cite. There’s even a specific phishing subtype called whaling.
In this case, cybercriminals pose as your CEO and demand access to your credentials to steal business-critical information. With spoofing, they go even further by pretending to be someone you know — a colleague, a reputable supplier, or a business partner. So how can your employees prevent these attacks?
They just need to be on the alert. In fact, malware-containing emails don’t come from legit sources. The domains, emails, even the names of people involved come slightly altered, for example, with typos. So you should urge your workers to double-check their incoming correspondence and report the incident to your cybersecurity team.
Besides, not clicking on suspicious links should become a rule in your team. It’s also advisable to run a mock attack after this training is complete in order to assess your team’s readiness to fight cybercrime.
Foster zero-trust attitude
The traditional castle-and-moat approach implies that you have to protect your environment perimeter only, while everything that is inside is secure and trustworthy by default. However, this attitude causes severe data breaches: as hackers get into your environment through breaking the firewall, there’s nothing that can stop them. So they just move across your system wreaking havoc.
The zero-trust approach focuses on authorizing minimal access to information only after successful identity authentication. While this is fully on your IT specialists, you may as well promote the idea among your employees. The key point is to question any digital interaction happening with colleagues, partners, suppliers, etc. and provide the minimal requested information only after verification. Any suspicious behavior should be reported to your IT specialists for further consideration and prevention.
No matter how well you train your team, there are potential security threats they simply can’t detect or prevent. This is where advanced infosec intervention might be required.
Leverage ethical hacking
Ethical hackers have all the needed skills and knowledge to help you power up your digital environment for incident-free remote operation. Ethical hackers monitor and track active security threats and have ready-made solutions to mitigate them. But that’s not all they can do.
They perform security penetration testing to test your system stability and readiness to face and survive a hacking attack. They carefully study the environment, detect potential weak links, and then try to get in through these loopholes. After the testing is completed, they fix the weaknesses with patches to make sure these particular points of entry won’t be misused again.
To keep the patches up-to-date, they work out a comprehensive patch management strategy. Besides, they also look into the root causes of the weaknesses discovered and provide an action plan for solving them.
So now, your loyal employees proactively protect your retail business by timely updating the software they’re using, spotting scam emails, and not trusting any requests for information by default. You’ve fixed the deficiencies discovered by ethical hackers. So is your store bullet-proof? Yes, but not for long.
Ensuring cybersecurity is a never-ending effort. New threats pop up daily, and a solution that’s once been secure may turn vulnerable in no time. With continuous monitoring and regular security testing, you’ll have your bases covered and your store protected.
Irina Rebkovets, Unit Coordinator, a1qa