Breaches have occurred and will continue to occur, but today they are growing at an exponential rate. According to the 2014 Verizon data security report, 2013 showed a 30% increase in the number of data breaches over the previous year. Research shows that 45% of hacked businesses are in the retail space. Big or small, breaches take a toll on retailers: disruption to the business, the expense of addressing the immediate impact of an incident, appeasing affected customers for the loss of personal information, the cost of remediation, loss of brand reputation, and the thousands if not millions of dollars that would need to be paid to acquiring banks and card brands. These all add up to significant dollars!
Is there a way to prevent breaches from happening to you?
Breaches cannot be prevented completely; the truth is that every business is at risk. But it behooves a business to be sufficiently prepared. Statistics show that hackers target businesses of all sizes. Nobody is immune. Being prepared and securing the company's and its customers' data will not only make it difficult for a hacker to break in, but will also help the business avoid the large penalties imposed after a breach. Read the last article, "How to step-up risk reduction."
Here are a few lessons that we can take away from the breaches of 2014.
Making sure your POS systems have total security. The only way a retailer can be sure of this is to verify the following:
- Are proper password rules followed?
- Is two-factor authentication used all the time for login?
- Does the POS system store any credit card data after the completion of a transaction?
- Is remote-control access secure?
- Are all data encrypted in the cardholder environment?
Understanding the importance of policies and procedures. An Information Security Policy is completely absent in several organizations. Policies can help a company stay on track with the many minute details by constantly verifying and checking them off as they are being implemented and followed. A policy serves not only as a reference point but also as a checklist of things to do to stay aligned with data security. It is important to note here that employee carelessness, lack of security awareness and misconduct have contributed to several large breaches.
Understanding brand impact. In this age of social media, word spreads faster than wildfire and propagates even faster. The media can also do enough damage with their speculations. Clearly, all of this can impact buyer behavior and affect a business.
Understanding the need for data security to be incorporated into the cost of doing business. Expenses for data security are ongoing, and ensuring that customers' data is safe and secure builds credibility for a business. In addition, senior management of retail chains, not just the IT group, needs to pay attention to data security.
What retailers get in return (ROI) are safeguards against loss of credibility, reputation and customers, damaging PR, legal fees, and ongoing fines in the hundreds of thousands of dollars that could be incurred after a breach incident. It is important to note here that nobody else will pay for the losses except the retailer that has experienced the breach.
Data security isn't just about credit cards. Additional information critical to your customers' privacy may very well be stored in your system. Things like names, addresses, phone numbers, emails and social security numbers are a goldmine for hackers. Securing this sensitive data is just as important as protecting your customers' credit card numbers, but losing personal information could be far worse than losing card data.
Third-party vendor security
This is an important area to note. Retailers need to make sure that all data security rules apply to third-party vendors as well. Some recent breaches point to lapses in the security of point-of-sale (POS) systems. For instance, attackers used sophisticated malware to infect Michaels' POS systems. Anybody with access to POS systems must follow best practices to increase security. These include strong passwords, system patches and updates, installing a firewall to prevent unauthorized access, restricting or removing the POS system's access to the internet, and not allowing remote access to POS systems.
There are several minute details to pay attention to for total and absolute data security. Twenty-four-hour data security all year round is not an easy job. Retailers need the guidance of experts in these areas. This is where Omega's expertise comes in. Call Omega ATC at 636-557-777. Connect with us online.