Cyber Security Tips For Retailers And Consumers
Plenty of technology solutions exist to limit access to data, such as firewalls and virtual private networks, but the customer-facing nature of retail naturally puts consumer data at risk. Beckner recommends including everyone in the cybersecurity conversation, both employees on the front lines and those at headquarters.
Retail organizations that implement risk-based security awareness training programs can motivate employees to adopt a cyber secure mindset and enhance information security initiatives instead of inhibiting them.
If you encrypt the data, it will stay protected no matter where it resides, even if cyber criminals gain access to it. This extends to VPN protection for your work-related Wi-Fi network, a crucial security layer for anyone accessing or sending sensitive information over that connection.
Below are five holiday season tips for retailers to help make your enterprise a safer shopping environment. These techniques can help retailers identify impending data breaches and sidestep the costs associated with a major data breach.
As a precaution, retailers should frequently check their POS terminals and swiping equipment for skimming devices. Attackers typically attach skimmers to the device by sliding them onto the scanners and collecting them later. To check for a skimmer, examine devices daily and pull on the scanner if anything appears different. If part of the device comes off, it may be a skimming device. Call your service provider and IT security team to report it before resuming activity with that terminal or device.
There is no such thing as unimportant data. Take every necessary precaution to help protect enterprise and customer data by implementing strong retail cybersecurity controls, educating users and following current best practices. Maintaining customer confidence in your ability to protect their PII can result in more business, increased customer loyalty and stronger organizational reputation.
With more than 20 years of experience as an analyst for the US Government, David brings expertise in cybersecurity policy, intelligence, public policy, netwo...
The Internet allows businesses of all sizes and from any location to reach new and larger markets and provides opportunities to work more efficiently by using computer-based tools. Whether a company is thinking of adopting cloud computing or just using email and maintaining a website, cybersecurity should be a part of the plan. Theft of digital information has become the most commonly reported fraud, surpassing physical theft. Every business that uses the Internet is responsible for creating a culture of security that will enhance business and consumer confidence. In October 2012, the FCC re-launched the Small Biz Cyber Planner 2.0, an online resource to help small businesses create customized cybersecurity plans.
Broadband and information technology are powerful factors in small businesses reaching new markets and increasing productivity and efficiency. However, businesses need a cybersecurity strategy to protect their own business, their customers, and their data from growing cybersecurity threats.
Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.
The Office of Communications Business Opportunities provides Internet links to information about government agencies and private organizations that have educational resources and tools related to cybersecurity. The descriptions and links below are for informational purposes only. The FCC does not endorse any non-FCC product or service and is not responsible for the content of non-FCC websites, including their accuracy, completeness, or timeliness.
Cybersecurity is one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter. Please find below additional resources that are available to you to reduce your risk to potential cybersecurity threats.
Black Friday and Cyber Monday are at hand, which means retailers have been working extra hard behind the scenes to ensure their websites and security-savvy customers are well-protected from the cyber Grinches.
Indeed, 50% of 2,011 US consumers recently surveyed by Sophos said they are very concerned about getting hacked and would not buy from a retailer that has been in the news for not protecting personal information either online or in-store. Another 32% said they are somewhat concerned and would consider an alternative company to buy from instead.
"First and foremost, retailers have to help their customers not become victims," says Chet Wisniewski, principal research scientist at Sophos. "They have to understand that there are criminals out there trying to impersonate their company."
What can retailers do to keep their customers and themselves safe this holiday season? For the answers, we turned to Wisniewski, along with Russell Schrader, executive director of the National Cyber Security Alliance, and Adam Isles, a principal at The Chertoff Group.
1. Promotions Should Have Coupon Codes, not Links
Sophos' Wisniewski says retailers should not send promotions via email with links. Instead, they should invite customers to log onto retailer.com/blackfridaydeal and give them a numerical customer code to enter on their websites. With the code, customers can be assured it's a safe website and the promotion really is from the store where they hope to purchase the item.
2. Don't Get Fooled by a Decoy Attack
Retailers should learn from the 2011 attack on Sony, when its PlayStation network was hit with a distributed denial-of-service (DDoS) attack, Sophos' Wisniewski advises. In response, Sony focused the bulk of its resources on the DDoS attack while the hackers gained access to the personal details of millions of customers. Also, keep in mind that hackers will prey on retailers during the holidays, knowing they could be working with skeleton staffs. Retailers shouldn't scrimp on tech staff during this period: They might need one part of their team to focus on a DDoS while the other looks into whether a broader breach has occurred.
3. Make Provisions with a Service Provider to Protect Against a DDoS
Hackers would much rather disrupt or take down a retailer via a DDoS than a more sophisticated cyberattack, Sophos' Wisniewski says. At least for the holiday season, he says, retailers should purchase a tier 2 or tier 3 service from their providers. Having only tier 1 may mean a retailer does not receive the level of service it needs in the event of a DDoS attack. Retailers also need to ask their third-party suppliers and business partners whether they have ample coverage for a DDoS attack, adds Adam Isles, a principal at The Chertoff Group. A retailer can have the best DDoS coverage, but it will all break down if important members of the supply chain don't have the same level of service.
4. For Physical Stores, Protect the Cash Registers
Major US retailers have come a long way in the past few years by locking down their point-of-sale (PoS) systems with chip and PIN. However, Sophos' Wisniewski says retailers still have to physically secure all of their terminals so criminals don't slip skimmers onto the PoS displays. He says he has seen situations where criminals put the skimmers on the drive-through payment terminals at fast-food restaurants. So retailers have to be vigilant at every corner of the store, especially in areas where cash registers are not located in the front.
5. Limit Network and Application Access to Seasonal Workers
Seasonal workers should only have access to what they need to do their jobs, as well as only limited access to any databases, says the National Cyber Security Alliance's Schrader. Retailers also should pay attention to offboarding seasonal workers after the holidays, he says. Most focus on onboarding, but hackers prey on those that don't end their employment properly. The Chertoff Group's Isles adds that seasonal workers really shouldn't have access to email or Web browsing: Email opens the company up to phishing attacks, and Web browsing is an obvious Pandora's box.
6. E-Commerce Sites Should Look for Magecart Attacks
Magecart has become an umbrella term for a group of seven cybercriminal gangs that install digital credit card skimmers onto e-commerce sites. They have been active for several years, but more so of late, with noted incidents reported at British Airways, Ticketmaster, and Newegg. They attack by installing malicious JavaScript on the checkout page to skim a consumer's credit card information. Sophos' Wisniewski says retailers should make daily checks for signs that someone has tampered with their sites. For example, retailers should check at the end of the day to see whether the site is still the same since the last time anything was published. If something has changed and nobody from the company published anything, there could be cause for concern.
7. Focus on Backups
This should be standard practice by now, but retailers need to do continuous testing and have backups ready and waiting in an emergency. For example, if a retailer gets breached and loses significant amounts of data, it will need to produce paper copies of the company's contacts lists and asset inventory, The Chertoff Group's Isles points out. A solid backup and disaster recovery plan should be a part of the retailer's overall incident response plan.