Retail SMBs are vulnerable to security hacks
Small retailers face a host of challenges on a daily basis -- from staying digitally relevant while maintaining a "human touch," to retaining a loyal customer base as they grow and expand. Unfortunately, information security often slips under the radar. This is troubling as the 2016 Trustwave Global Security Report found the retail industry accounted for the highest number of data breach incidents globally. What’s more, Shred-it’s 2017 Security Tracker shows that one-third of US small businesses (SMBs) that suffer a data breach need up to three years to recover.
The fact is, data breaches are an unavoidable reality for all SMBs, whether they are the result of malicious theft or insider error. Therefore, it is critical for small businesses -- which rely on word-of-mouth and reputation -- to invest in data protection. Neglecting to do so could result in multiple years of lost business.
The good news is that there are numerous ways for SMBs in the retail sector to ramp up their information security and get ahead of any potential thefts or hacks. Here are some quick tips to help small businesses in the retail sector maintain a vigilant eye and protect their own and their customers’ information.
Keep Your Cards Close: Credit and debit card transactions are low-hanging fruit for information thieves because of all the personal information connected to the cards. Customers will notice that many large-chain retailers have already transitioned to EMV cards -- credit cards equipped with computer chips -- and it is imperative that small retailers do the same. These chips authenticate cards and transactions and make it more difficult to create counterfeit cards.
Eliminate Insider Threats: Employees pose a major threat to SMBs in terms of data security, whether their actions are malicious or not. In fact, employee negligence incidents are the most costly as they occur most often, averaging more than $2 million annually. It is crucial that SMBs commit to a culture of security. That means educating employees on the best practices for protecting data. When employees are armed with the knowledge of what can and cannot be done when it comes to handling information, confidential paper documents and electronics are more secure. For SMBs in the retail sector, this includes training employees not to use point-of-sale systems as personal computers, ensuring permanent and temporary employees each have different credentials, and regularly clearing out and properly disposing of sensitive information.
Invest in Proper Storage: Document management is key to fighting fraud. Yet, the lack of policy on storing and disposing of confidential paper documents is particularly evident in the retail sector, where more than one in three (36 percent) say no such policy exists according to Shred-it’s 2017 Security Tracker. Additionally, the report shows that only 12 percent of retailers report using a locked console and professional shredding services. This should be a huge wake-up call to any small retail owner who finds themselves without one or both of these essential components to protecting their information security. To thwart insider and outside threats, SMBs should store all sensitive materials in a locked console or cabinet and limit access to the area.
Destroy Out-of-Date Systems: With millions of transactions being made each day, retail point-of-sale systems store a significant amount of sensitive information. As those systems are updated and streamlined to improve the customer experience, retailers need to consider what happens to all the data stored on older devices. Before an old system is recycled or thrown out, the best practice is to remove and safely destroy the hard drive to ensure the information is unrecoverable. Aside from computers and mobile devices, some of the most overlooked devices that could lead to a data breach include printers and copy machines, fax machines, routers and flash drives.
Most importantly, SMBs in the retail sector must provide protection solutions that keep customers happy. The policies retailers adopt, and the services they invest in, need to do more than offer two-step authentication. They need to protect sensitive data without slowing down transactions, and provide clear employee standards and expectations around handling sensitive data -- all while improving operational efficiencies. Aligning data protection policies with the customer experience will be sure to boost productivity, customer loyalty and your bottom line.
Kevin Pollack is Senior Vice President, Shred-it