Now, more than ever, cybercrime is an amplified threat, driven by advances in technology, an increasingly digital retail world and political threats from foreign governments. From email phishing to point-of-sale (POS) attacks to ransomware, it’s becoming increasingly difficult to fend off data criminals. Not only do these data losses lead to distrust from your consumers, they also leave your business financially and legally burdened.
Here are some tips for preventing disastrous losses and ensuring customer loyalty:
Commit to IT Security
Retail doesn’t prioritize IT security as much as the media and entertainment or manufacturing sectors do. Instead, to cut costs, many retailers meet only the bare minimum security standards, typically those set by the payment card industry. This is where the problems that lead to security breaches begin.
- Set aside a budget for IT to adequately protect data
- Set up data protection tools (firewall and intrusion detection) and have employees actively monitor them
- Update security software regularly and on time
- Include endpoint protection through all POS systems
- Encrypt your data, even if it may be on a portable device
- Set up two-factor authentication for high-volume or high-value transactions
Back Up Your Data
Even if you have insurance coverage, backing up your data is a more proactive way to save your business the hassle of dealing with ransomware threats.
- Make backups regularly and ensure the policies are tested and reviewed
- Make backups comprehensive
- Make three copies of data, then store across two forms of media, and always keep one copy offline
- Keep cloud backups offline with tapes or a portable USB
- Ensure your backups are clean and free of malware
- Test backup plans so you know what to do in case of an attack and how to recover
Be PCI-DSS Compliant
When your shop accepts card payments, it is subject to rules set by the card companies, known as the Payment Card Industry Data Security Standard (PCI-DSS). The standard is in place to ensure the security of customers’ card details.
- Know which level your company fits into – whether Level 1, 2, 3, or 4
- Make sure to monitor and have control over your systems
- Always protect stored cardholder information
- Protect your network systems and be ready for a system breach at all times
- Limit data retention
- Protect payment card applications
Train Your Employees
Sometimes the easiest targets come from within. Educate your employees on the importance of security and of the information they are dealing with, on what phishing emails look like and what to do with them, and on all other matters dealing with IT security. Due to human error, sensitive information can land in the wrong hands. By helping your employees know what to look for, breaches can be reduced.
- Educate employees on what phishing emails look like and how to handle them properly
- Hold new hire and refresher training on data security
- Educate employees on the importance of having strong passwords and changing them regularly
- Ensure that outside contractors and service professionals who have access to your data have cybersecurity measures in place
- Uphold each employee’s responsibility to help protect data
- Have policies in place that do not allow employees to download unauthorized software onto company computers
- Educate employees on the company’s data incident reporting procedure
Cybercriminals tend to look for the easiest targets. By investing in your cybersecurity protocols, you can greatly reduce the risk of cybercrime, malware infections and fraud.
While some losses and cybercrime can be prevented, others cannot – the most important thing is to ensure the safety of employees and yourself. That’s why insurance for your inventory and business is so important. For additional Loss Control tips, visit BerkleyAssetPro.com/LossPrevention.
If you have questions, please contact Berkley Asset Protection: 212-922-0659 or marketing@berkleyassetpro.com.