Cyber Security Within the Retail Sector – How to Ensure You Remain Secure

Modern consumers are increasingly concerned about the data they provide to online retailers and how it is handled, with issues ranging from GDPR compliance to cyber attacks exposing their private information. In truth, however, this is the tip of the iceberg for the retail sector, and many of the same concerns should apply to physical retailers.

If you are a retail company with physical stores, chances are you will have a huge amount of personal data and imagery on file. Meanwhile, the presence of your store can make you a target for walk-up attacks. In this post, we take a closer look at cyber security in the retail sector and the need for cyber security training for employees.


Retail Cyber Security Risks

Retail environments are increasingly reliant on data and retail companies are under more pressure than ever to keep customer information secure and comply with legislation. Even a simple e-commerce company will collect an abundance of data from consumers and will need to protect against hacking and social engineering attacks.

However, the challenges become even greater for those with physical retail spaces. As AON point out, there are new kinds of physical retail crimes to contend with, such as criminals using self-service checkouts to pay for some items and not others, or switching the labels in order to pay a lower price. This necessitates the use of CCTV to protect your store.


Yet CCTV also brings its own challenges. Where is the data from CCTV going? Is it being stored in compliance with legislation? CCTV usage is subject to a number of laws, including the Data Protection Act, which regulates how data must be secured, and both the Human Rights Act and the Protection of Freedoms Act, which regulate people's right to privacy and how surveillance and biometric data can be collected and used.

"Stored CCTV imagery must be treated in confidence," CPNI guidance states. "Everyone has a right to privacy (even in the workplace). Some of your recorded imagery may be of the general public and the vast majority of footage will be of law abiding people going about their business. Footage should only be stored for as long as is absolutely necessary."

Of course, your CCTV footage needs to be kept for long enough to be useful to you, and to assist police in the event that they request it. A typical length to keep it for is between 30 and 90 days. However, it is essential that the images are kept secure, so that they cannot be accessed by anyone who is unauthorised.


Additional Cyber Security Threats

Away from the potential problems associated with storing online customer information and keeping CCTV images of people safe, those within the retail sector face a number of additional threats. For example, PoS systems need to be kept secure, which means ensuring there are no USB ports, or that precautions are in place if ports are present.

"How secure are your point-of-sale terminals?" asks Lee Newcombe, writing for Essential Retail. "What would happen if a malicious actor left a few USB sticks containing some malicious content around the store? Do users know not to plug such devices into corporate machines – even if labelled 'Redundancy Planning Q3'?"

This has become an increasingly common technique for social engineering and ransomware attacks, and a simple human error could compromise your company data or your customers' personal data, severely harming your reputation.


Furthermore, retail stores tend to have a number of IoT devices connected to their networks and these all need to be protected. With retail companies opening multiple chains at a fast pace, it is likely these IoT devices will be supplied by multiple vendors, making it extremely difficult to guarantee security across the board. Additionally, if you are offering free wi-fi for customers, it needs to be kept separate from the main corporate LAN.

So, what are the potential solutions to these problems? Firstly, it is best to work with an experienced managed service provider and secondly, it is important to try to centralise data and make sure IT systems are actively monitored.


How Fifosys Can Assist You

Fifosys is a leading managed service provider, specialising in cyber security for businesses in London and the surrounding area. Our expert team understand all of the intricacies that go into protecting retail sector companies, from complying with GDPR, through to delivering high-quality cyber security training for employees.

In our experience, one of the big mistakes many retail companies make is storing data at local branch level, when this is rarely the optimal solution. After all, decentralised data increases the number of points of failure. At Fifosys, we can assist you in getting a centralised IT infrastructure in place, whilst you can also capitalise on our proactive monitoring, preventative maintenance and disaster recovery services, so that data is always secure and backed up.

With regard to maintaining security consistency in the face of a range of IoT devices from multiple vendors, we work along the principle that if a device cannot be remotely monitored, you should not include it. Remote monitoring is vital for reliable security. Retailers who fail to follow this advice risk being hit by high costs associated with downtime in the event that a device fails or becomes compromised by a cyber attack.

Ultimately, by working with us, you will be able to benefit from comprehensive business security advice and support. This will help you to keep customers' data and your own information safe, in an age where data breaches are not only becoming more common, but where the resulting damage to your reputation can be fatal.

Mitesh Patel

Managing Director