It used to be the case that, when organisations were hacked or their data was stolen by some other means, we could direct the blame at the perpetrators. In the brave new digital world, these rogues and ne’er-do-wells weren’t playing fair and were ruining it for everyone else.
Let’s be very clear: today, that is not the case. In the eyes of the public, if you get hacked, it’s your fault too. Cyber security is no longer simply about protecting your systems – it’s about protecting your reputation. Like it or not, cyber security is now part of the communications mix.
To understand how this has come to be, you need only consider the maxim: “Fool me once, shame on you; fool me twice, shame on me.” In short, public perception is that organisations should be wise to cyber security threats by now. This is borne out by research from this time last year by PwC, no less, suggesting that only 12 per cent of consumers trust companies with their data more than they did a year prior.
The fact of the matter is that data breaches do happen – and can happen even if you’ve taken every reasonable precaution. For organisations storing limited, non-sensitive information, the impact can be relatively minor and relatively easy to rectify. For retailers, typically storing and processing personal and sensitive information, it can be very serious.
Take consumer electronics firm Dixons Carphone, parent company of brands including Currys PC World and Carphone Warehouse. Earlier this year, it revealed that hackers had stolen data belonging to 10m customers in a 2017 attack. That’s nine million more than it initially thought and puts the incident among the worst known retail breaches ever. Shares slumped, customers lost trust and it continues to be investigated by authorities.
You may not be able to fully protect yourself from cyber security threats, but you can minimise the risk of them happening, limit damage if they do happen and increase both sales and annual revenue by being prepared and demonstrating that you are.
POS intrusions
Point of sale (POS) intrusions, be they online or at physical payment card terminals, are typically carried out via malware installed to capture payment information. Keeping security systems up-to-date is, needless to say, critical in protecting against such attacks, but segmenting those systems too – so that stored information and payment processes are distributed rather than held in one place – helps to mitigate risk and limit potential damage.
Security can also be strengthened with multifactor authentication, so that a card alone is not enough to pay and something like a mobile app or hardware token is required as well.
Payment card skimming
If POS intrusions have hackers sneaking in through the back door to access customer data, card skimming gives them a key to the front door. It typically uses devices fitted to payment terminals, such as ATMs, self-service checkouts or petrol pumps, that read magnetic stripe data from a payment card.
Part of the solution here is training employees to recognise when tampering has occurred, but tamper-proof terminals that make it difficult for hackers to collect cardholder information, along with tamper-detection methods, can also be implemented.
PCI DSS non-compliance
Payment Card Industry Data Security Standard (PCI DSS) compliance gets more stringent every year. As threats continue to evolve, PCI standards must do the same. However, a 2016 survey from the Merchant Acquirers’ Committee discovered that only 39 per cent of small and medium-sized businesses are compliant. Not only does this leave them open to attack, it means they can be fined and banks are likely to either stop working with them or increase transaction fees. Ensuring PCI DSS compliance is one of the simplest ways to stay secure and protect your reputation.
Adam Binks is CEO of SysGroup.
For more information, please visit www.sysgroup.com