The threat of cyber attacks is growing. Retailers are the most attractive targets for cyber criminals due to their plethora of consumer information. While retailers are certainly not alone, their cyber security challenges are unique. Cyber attacks on retailers are typically intended to extract consumer financial data. A breach could affect a staggeringly high number of consumers, potentially damaging the relationships that retailers try to have with their customers.
Where retail differs from other industries is in its inability to fully control the complete payment process. While many retailers understand and manage their internal payment systems, security, and processes to the utmost degree, they have not been able to fully encourage card networks and banks to do the same. It has been a battle to get these banks on board with 21st-century fraud prevention technology. Fortunately, there is a board of directors known as the Retail Industry Leaders Association (also known as RILA) that is working to approve a comprehensive, collaborative, and sustainable plan to address many of the challenges that retailers face with cyber security.
With that said, there are many good practices and security controls that can be followed in order to avoid breaches. Take a look at some of the pointers FMI compiled in its most recent cyber security article.
Since many breaches could have been avoided through reasonable security controls, members are encouraged to follow the recommended steps below:
- Identify your top one, two or three most critical types of information and the systems which use them
- Plan how you will operate if that information is lost, corrupted or the systems rendered inoperable
- Train and communicate strategy to all company employees
- Have a third party assess your information environment at least once a year and conduct penetration tests of both your logical and physical controls as part of the assessment