Black Friday, Cyber Monday, the last leg to Christmas. Tis the season for online shopping, and a time for retailers to be excited about.
In 2016, almost $5 billion dollars was ready to be spent by Australians in the 30 days to Christmas, according to the Retail Council. Online shopping peaked in the first week of December, and it is likely this will occur again. While shoppers are busy trawling stores on the Internet, cyber criminals are also on the hunt for a good bargain.
And as cyber criminals set their sights on data theft, we are seeing a number of cyber breaches targeting retailers globally. International brand Forever 21 reported a data breach in November 2017, and Target in the US paid $25 million to the US government in May 2017 following a multistate data breach, where hackers accessed 40 million credit and debit card details held by the retailer. On home soil, the Office of the Australian Information Commissioner (OAIC) will require all retailers with a turnover of more than $3 million dollars to report a cyber-attack; potentially alert all affected personnel and make a public apology starting early 2018.
Retailers will always remain on the hit list for cyber-attacks as a host of personal and financial information are retained as part of business operations. During this key business period, a ransomware or a Distributed Denial of Service (DDoS) attack are both likely to occur, with the potential to cripple businesses and successfully commit a data breach. While stressing over inventory, shipping times, and managing increased traffic loads on website are important, ensuring a robust cyber security plan is equally crucial to prevent potential downtime, loss of business and most importantly, maintaining the trust of customers.
There are certain simple measures businesses can take to protect itself. First on the list, ensure employees remain vigilant. People are often the weakest link in cyber security, with phishing campaigns the most popular method to deliver malware. Our Telstra Cyber Security Report 2017 revealed that approximately one-third of both Asian and Australian businesses experienced a phishing email incident which impacted their business monthly in 2016. Phishing emails are often disguised as delivery, invoice or utility notices, and when an end-user opens an attachment, it delivers malware to the end user’s device. Education and awareness are key to protecting your business from falling prey to attacks.
Consider the Telstra five knows of cybersecurity, and see how we’ve matched this back to your online shopping business:
- Know the value of your data: Personal and financial information are prized by hackers; but do you really need to retain and store all information? Consider what is essential, and trim down on saving unnecessary data to minimise risks.
- Know who has access to your data: Your employees are an obvious group, but what about your trusted suppliers and vendors? Map out all possibilities and keep a list.
- Know where your data is: Your data might be hosted in the cloud, but it can also be stored on Point of Sale (PoS) system in your physical store.
- Know who is protecting your data: This is mainly operational – who is keeping watch on your behalf, how can you reach them and what cybersecurity processes are in place?
- Know how well your data is protected: Ensuring SSL encryption for online payments, or imposing a more complex password option are ways you can help protect your information, and that of your customers.
Beyond the ‘five knows’, opt for different cyber security services to leave your businesses security in the hands of trusted advisors. Consider a Denial of Service Protection (DoSP), which monitors your web traffic and filters only legitimate customers to access your site. Or look at a managed cloud content security system, which detects vulnerabilities and defend your business from web threats. With the right measures in place, you can safely bring festive cheer to everyone looking for that perfect gift.