It’s hard to believe we are just a month away from the “unofficial” kick off of the holiday shopping season—Black Friday. So before the shopping frenzy begins, we thought this would be an opportune time to outline some best practices that both retailers and consumers should follow in order to protect consumer data.
Customers are expecting more and more when it comes to their shopping experience, and this holiday season will push the envelope as retailers are making brick-and-mortar stores more digital and connected while offering online shoppers an in-store experience. While these interconnected experiences might seem great at the outset, retailers are opening themselves up to new security risks, especially as we head beyond the holiday season and into 2019. As convenience technologies evolve, look for more risks to consumers and retailers.
Protecting Consumer Data is Priority #1
In our 2018 Data Threat Report-Retail Edition, we found 50% of respondents reported a data breach this past year, so it goes without saying that the holiday shopping season is a prime time for cyber criminals to target both retailers and consumers alike. Additionally, the report revealed that the top reason identified by our U.S. retail respondents for not deploying data security was “lack of perceived need” (52%). Protecting sensitive data has to be a priority or data breaches in the retail sector will continue.
While we wait with bated breath to see how the 2018 holiday shopping season shakes out, here’s some reminders that consumers and retailers should follow this year:
- Protecting consumer payment data at all costs. With cybercriminals lurking around every corner, retailers can’t afford to be distracted by a busy holiday season and let their guard down. The highest level of security procedures must be in place whether data is at rest or in use. Retailers need to pay close attention to anyone and anything that might connect to the network for nefarious reasons. Remember, protecting customer data, including credit card/payment information is first and foremost and can be vulnerable this time of year.
- Putting best practices in place at the start. Before the onslaught of Black Friday, Small Business Saturday and Cyber Monday shoppers, retailers need to thoroughly review their security policies and procedures so the appropriate safeguards are in place. Waiting until an online website crashes or a data breach occurs is too late. To do this, some critical questions to ask are:
- How will we manage a surge in traffic?
- Is there the right level of security throughout the supply chain ecosystem?
- What is the procedure if we experience a data breach?
- Don’t let connected devices be your downfall. People want a convenient shopping experience but that comes with potential security concerns. In fact, the number of connected devices in a store is only increasing. When a customer enters a store and connects to the conveniently free WiFi, their device can be taken over by hackers and can potentially launch a host of threats including denial-of-service (DDoS) attacks. As a result, security must be up to date so the tens of hundreds of these connected devices cannot wreak havoc on a retailer in exchange for a better customer experience.
- Back to basics. While you probably hear this every year, it’s important before you launch into buying for everyone on your holiday list that you ensure you are protected. You should have the right level of security software installed on your device when browsing, and don’t forget to check the retail sites you visit for their level of protection too. At the very least these sites should have SSL certificates with industry-standard 128-bit or high grade 256-bit encryption.
- Going mobile. Mobile shopping is definitely on the rise, but security measures on some retail sites don’t always have an adequate level of security for mobile applications. Be sure to check that you are purchasing goods from a secure site. From a device perspective, be sure to leverage built-in schemes such as two-factor authentication before entering payment information and completing transactions.
- No phishing here. Whether it’s phishing, smishing, pharming or whaling, these scams are nothing new. That being said, year after year consumers are always fooled into clicking on a malware-enabled email. To avoid falling into this trap, make sure promotional emails are from an authentic retailer, and when visiting websites double check that it is the one you intended to visit. Cyber criminals don’t care if you’ve been naughty or nice. They are only out to steal your data, so be on the lookout for false advertising. With a rush to get the best deal, you could end up dealing with stolen data and identity fraud instead.
The bottom line is that putting best practices in place now will help to ensure the 2018 holiday shopping season is safe and secure for all.
For more information on our Data Threat Report-Retail Edition, please click here.