In no time at all, Black Friday and Cyber Monday will be upon us. And that means that consumers will be heading to stores or jumping on their computers to shop for the best deals on things they’d like to buy. In 2017, from Thanksgiving Day through Cyber Monday, more than 174 million Americans shopped in stores and online, according to the National Retail Federation. What may be “the most wonderful time of the year” both for consumers shopping and retailers selling also signals what may be “the hap-happiest season of all” for criminals aiming to gain access to shoppers’ data.
It seems like data breaches are a dime-a-dozen these days, wreaking havoc on a retailer’s brand image and making consumers weary of shopping in and online with stores that have been compromised. Adding to that are the significant costs associated with a breach. And these holiday shopping events, with their wealth of consumer data, present a great opportunity for criminals to find ways to make this breach scenario a reality.
To help ensure that your retail business is not the latest to experience the negative impact of data loss or theft, consider implementing the following five tips:
Recognize where your business is being conducted
Some states (e.g., California with its California Consumer Privacy Act of 2018 and Colorado with its Protections for Consumer Data Privacy Act) and countries (e.g., those in Europe, with the EU General Data Protection Regulation) have increased the compliance requirements surrounding how data must be used, stored and protected. It’s imperative that you know where your data and your customers reside, and that you have the proper mechanisms in place to secure data as prescribed in those regions. Failing to meet these requirements could wipe away profits and your business due to significant fines or loss of customer confidence.
Assess your company’s risk exposure and fill the gaps
Run a vulnerability evaluation on all of your company’s devices, systems and platforms, and determine the threat risk to each component. Where time and resources are limited, concentrate on securing the largest threat risk first. Those looking to do harm often seek quick targets and will more quickly move on from targets requiring more effort.
Encrypt your Data
Encryption is the foundation of any data security solution. With a comprehensive encryption and key management solution in place, whether your customer data is stored in the enterprise or in the cloud, if a hacker ever got their hands on that data, it would be unreadable and therefore useless to them.
Simplify your data security efforts
Don’t rely solely on the encryption solutions provided by the device manufacturer or operating system. While native encryption toolkits are the best at encrypting their own devices, the operating system can really benefit from the encryption management solutions provided by Independent Software Vendors (ISVs) to manage and unify encryption efforts across the enterprise. Trying to manage too many solutions independently creates more work, and more potential points of failure in your data security plan.
Involve your employees at every level
The weakest point of any corporate data security plan is the employee. Lost laptops, installation of shadow IT applications, sharing of PINs and passwords, or the failure to recognize malware scams can all create a data breach opening in your organization. The key to a successful data security plan is to engage and train employees on a regular basis. Inform them of their roles in data security. Teach them about the steps and solutions that you’ve put in place across the organization. Show them examples of the consequences to the organization if a breach occurs. And finally, make sure you protect your organization against accidental or intentional employee missteps by having solutions in place that are both transparent to the user and prevent tampering by unauthorized users.
Implement the tips above to help ensure both your customers and your business will be protected – and “be of good cheer” – this Black Friday, Cyber Monday and well beyond the holiday shopping season.
Garry McCracken is Vice President at WinMagic