Retailers are at the forefront of cyber attackers’ targets. They are still more attractive to cyber attackers because they offer the potential of larger gains: it is publicly known that they have a high volume of customers, and with customers come cardholder data and private contact details.
According to the UK Government Cyber Security Breaches Survey 2016, the average cost of a breach to a large company is £36,500. One data breach identified in this survey cost £3m in the following direct expenses, which exclude indirect costs such as rebuilding a damaged reputation:
- Lost cash resources
- Lost revenues whilst unable to trade
- Containment and remediation activity
- Replacement hardware and software
These threats are genuine and no retailer is immune. In the past four years the largest of retailers have been targeted, and some of them were incapable of preventing the breach. Recently, both Target and eBay, considered high-profile retailers, have been struck by a cyber breach. Target was the victim of the theft of 40 million credit card accounts, amounting to 70 million customers having some of their confidential information exposed. Target spent $240 million to replace customers’ cards, on top of the costs of sales and the company’s stock price being driven down by the public reputational damage. One of the world’s best-known brands, online auctioneer eBay, was the victim of an attack in which 145 million customer accounts were breached; this is still one of the largest known thefts of credit card data from a single targeted victim.
Basic tips for cyber security
The following cyber tips should be applied to all enterprises regardless of the size and industry.
- Invest in quality anti-virus protection
- Enforce strong password management policies
- Be very wary of email attachments/links
- Be aware of the threats of a BYOD policy
- Stay aware of current threats
- Create a Response Plan
- Invest in a Cyber Security Expert
As well as these, retailers specifically must consider the security of payment acceptance and customer data. Why? As a retailer, the nature of your business differs from that of other types of business. The key differences are the high level of customer communication and the overall orientation around customers and their personal, private details. More customers naturally means a higher volume of payments and data, which is why there needs to be more emphasis on cardholder data and data protection. The tips below are tailored to the cyber security of retailers:
- Make sure you are compliant with the Payment Card Industry Data Security Standards (PCI DSS)
So what are the PCI DSS? The PCI Security Standards Council promotes payment card industry standards worldwide and works to ensure that merchants understand the security standards and stay protected from cyber breaches and the theft of cardholder data, so that payment solutions are safe for both the organisation and its customers. The Payment Card Industry Data Security Standards (PCI DSS) are: