Don't Fall Victim to a Hack Attack
By Farokh Karani, Director of North American Sales and Channels for Quick Heal Technologies
It has been a couple of rough years for the consumer retail market.
High-profile "hacks" of major brands such as Target, Michael's and Home Depot, to name just a few, have shaken consumers' trust and the sense of security they have in using their debit and credit cards to make purchases.
According to a 2014 report from LexisNexis, the "True Cost of Fraud Study" retailers lost $11.1 billion in 2013 overall due to fraud. Even more alarming is there is no sign that this trend is slowing down. In fact, retail fraud is growing at a rapid rate, with the percentage of revenue lost to cyber thieves increasing 70 percent, from .080 percent in 2013 to 1.36 percent in 2014.
Investing in IT security solutions that shut down hackers and cybercriminals before they take advantage of flaws and vulnerabilities in a retail website and network during the holiday shopping rush is an important first step in protecting company revenues. Small business retailers who go the extra mile to make sure their customers' private financial data is protected bolster their reputation as a retail brand that can be trusted.
Not only will the investment in complete end-point protection, network/gateway security and mobile device management pay off in customer loyalty and secured sales revenue, it is also much less expensive in the long run. A recent survey by the Ponemon Institute showed the average cost of cybercrime for U.S. retail companies more than doubled from 2013 to an annual average of $8.6 million per company in 2014.
Although major retail brands are more lucrative targets for cybercriminals, most large retailers have extensive security policies and multilayered IT security solutions in place, leaving cybercriminals to turn their sights on smaller online retailers, which they know may not have the time, resources and IT personnel to successfully thwart attacks.
Small to mid-sized etailers must invest in building customer trust, and the most effective way to accomplish this is to do as much as possible to make sure customer transaction data is safe and secure. It takes just one data breach for a business to lose longtime customers, along with potential customers, their hard-earned reputation and market momentum.
Surprisingly, it's possible for small- to mid-sized retailers and etailers to compete with their larger competitors by creating a safe and secure shopping environment for their customers. There are four key tips to keep in mind.
1. Be Proactive
Defend against even the most sophisticated cyberattacks that pummel operating systems, applications and servers by regularly evaluating for suspicious behavior, or out-of-the-normal behavior. Smaller enterprises can defend proactively by staying up to date with the latest threat intelligence and applying this knowledge as appropriate. This includes keeping all software updated and ensuring that patches and bug fixes are applied in a timely manner.
2. Bolster Anti-Virus Protection
Although not the only way to protect a network and customer data from attacks, anti-virus (AV) protection should remain a top priority and not be taken for granted. AV software is designed to prevent, search for, detect and remove software viruses as well as other malicious software like Trojans, adware, worms and much more. By some estimates, there are 60,000 new pieces of malware created daily. The basic Windows Defender AV software that is built into the latest versions of Windows has been shown in industry tests to only stop about 80 percent of the malware that is out there; and its signature files are updated only once a day. AV alone is not enough to protect against many of these new threats, yet it is still extremely important to overall system security. With added heuristic functionality, which looks at the behavior of a file in addition to its signature to determine if it is malware, today's AV is much more advanced than it was just five years ago. As a result, modern AV is now very effective at blocking a wide array of malware, including spyware, adware, keyloggers, remote access Trojans and root kits.
The Best Defense Against Three Types of DDoS Attacks
Learn how to protect your digital properties at wsm.co/3denialdos
3. Go Comprehensive
Most security experts recommend that companies of all sizes take a comprehensive approach to IT security. While keeping AV software up to date is extremely important, providing multiple layers of security to all endpoints should be the goal. These layers can include AV, application monitoring, content/Web filtering and data loss prevention (DLP). Rather than purchasing individual solutions from various vendors, small- to mid-sized retailers are better served by choosing an IT security package that provides cross-platform support for mobile endpoints, servers, networks and gateways. By choosing one complete endpoint security solution that has everything from AV to DLP included, retailers can focus on protecting data assets rather than worrying if multiple software licenses have expired, leaving their data and their customers' data exposed and ripe for theft.
4. Future Proof Your Security
Keeping up with trends is as important to SMBs as it is to large big box retailers. The "Internet of Things" (IoT) is one trend that is picking up steam daily. From an IT security standpoint, it should be evaluated as another potential risk to business and consumers alike. As more sensor-driven systems, such as refrigerators, cars and even smartwatches, connect to the Internet, cybersecurity protections must also step up to prevent data breaches and compromises. IT security will need to keep up with this new era of "Everything connected, all the time." Retailers must also be aware that this may impact secure payment methods, and adjust their IT security strategies as a result. The retailers that keep up with quickly evolving technology like IoT will be three steps ahead of the game.
Farokh Karani is the Director of North American Sales & Channels for Quick Heal Technologies, a leading global provider of IT security solutions.