Cybersecurity best practices for retailers this holiday shopping season


It’s a lucrative time of year, and not just for retail businesses. Cyber criminals also look to take advantage of the increased traffic and high sales volume, which provides cover for them to actively target retailers with cyber attacks. 

Keeper Security is sharing cybersecurity best practices for small businesses to help protect sensitive systems and valuable customer data during the biggest shopping week of the year. 

Cyber criminals utilise a range of tactics to gain access to an organisation’s systems and valuable data during this hectic time, which can include phishing attacks, ransomware, malware, business email compromise and more.

Preparing for and actively defending against cyber threats is essential to maintain the security of customer data and transactions during the holiday shopping season and year-round. Retailers should implement a multi-layered approach to cybersecurity, including the following: 

  • Conduct employee training: According to Verizon’s Data Breach Report, 74% of security breaches involve the human element, including falling victim to social engineering, stolen credentials or simply making an error—misplacing passwords, for instance. Cybersecurity training should be an integral part of onboarding, while phishing tests and supplemental training should be conducted regularly so employees can stay up-to-date on the latest threats.
  • Regularly update software: Ensure all systems and software, including Point of Sale (POS) terminals and e-commerce platforms, are up to date with security patches to protect against known vulnerabilities. Install antivirus software and ensure it is regularly updated to defend against the newest threats.
  • Secure sensitive systems: To secure payment processing, ensure you’re using trusted tools and isolate your payment systems. Implement privileged access management to secure and manage access to privileged systems and accounts, such as payroll and IT. Implement the principle of least privilege to ensure employees only have access to the systems and accounts they need to do their jobs. Set up an intrusion detection and prevention system to monitor for suspicious activity and potential threats.
  • Protect customer data: Regularly back up data, and control access to it by appointing administrators and monitoring user permissions. Review your existing data collection practices and policies to ensure you understand the user information your organisation is collecting and get rid of any dark data your organisation is not using. If your company doesn’t absolutely need a piece of information about a customer, don’t collect it.
  • Implement an enterprise password manager: Weak and compromised passwords are the biggest threat to a retailer’s cybersecurity. In addition to giving IT admins visibility into employee password practices and enabling them to enforce password security policies, such as the use of strong, unique passwords and MFA, an enterprise password manager helps prevent employees from entering their credentials on phishing sites.
  • Secure your WiFi network: Protect your network with a strong password that is at least 16 characters, featuring a randomised mix of letters, numbers and special characters. If encryption is not already enabled, you can update it in your ISP admin settings. Most routers already have a built-in firewall, so ensure it is enabled as well. Use a Virtual Private Network (VPN) to allow remote workers to connect securely from outside the office.

By taking these steps, retailers and small businesses can bolster their cybersecurity posture and better protect their systems and data during the high-stress period of Black Friday and Cyber Monday.