The holiday shopping season has begun in earnest. While retailers are focused on jockeying for an estimated $1.5 trillion in sales this year (and that’s just for the US), their hard work may come to naught if not enough attention is paid to cybersecurity. Why? Because this is the best of times and the worst of times for retail IT teams. The busiest time of the year for customers is also a magnet for cybercriminals.

In response, retailers need to balance security with employee productivity and business growth. That’s not always an easy calculation, especially with the high cost of living putting ever-greater pressure on profits. But it can be done. Here are 10 best practices to consider:

—  Regular staff training: This should go without saying. Ensure your employees can spot even sophisticated phishing attacks and you’ll have a handy last line of defense in place.

—  Data audit: Understand what you have, where it’s stored, where it flows and how it’s protected. This should be done in any case as part of GDPR compliance.

—  Strong data encryption: Once you’ve discovered and classified your data, apply strong encryption to the most sensitive information. This should be done on a continuous basis.

—  Risk-based patch management: The importance of software patching can’t be overstated. But the sheer number of new vulnerabilities published each year can be overwhelming. Automated risk-based systems should help to streamline the process and prioritize the most important systems and vulnerabilities.

—  Multi-layered protective security: Consider anti-malware and other capabilities at the server, endpoint, email, network and cloud layers, as a preventative barrier to cyberthreats.

—  XDR: For threats that manage to circumvent preventative controls, ensure there’s strong extended detection and response (XDR) working across multiple layers, including to support threat hunting and incident response.

—  Supply chain security: Audit all suppliers, including digital partners and software vendors, to ensure their security posture is in line with your risk appetite.

—  Strong access controls: Password managers for strong, unique passwords and multi-factor authentication are a must for all sensitive accounts. Along with XDR, encryption, network segregation and preventative controls they form the basis of a Zero Trust security approach.

—  Disaster recovery/business continuity planning: Reviewing plans will help to ensure the right business processes and technology tooling are in place.

—  Incident response planning: Ensure your plans are watertight and regularly tested, so everyone knows what to do in a worst-case scenario and no time is wasted in responding to and containing a threat.
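The risk-based patch management point above says automated systems should prioritize the most important systems and vulnerabilities rather than working through findings by CVSS score alone. The following is an added example (not ESET's or Irish Tech News's code) showing one simple way to do that: each finding is weighted by asset criticality, known exploitation and internet exposure, and a patch deadline is derived from the resulting score. The inventory, the `VULN-*` identifiers and the weights are all constructed for illustration.

```python
"""Risk-based patch prioritisation over a small, constructed vulnerability inventory."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str            # constructed placeholder, not a real CVE identifier
    cvss: float             # CVSS base score, 0.0 to 10.0
    exploited: bool         # listed as exploited in the wild by a threat-intel feed
    internet_facing: bool   # reachable from the public internet
    asset_criticality: int  # 1 (low) .. 5 (revenue-critical, e.g. payment systems)
    days_open: int          # how long the finding has been outstanding


def risk_score(f: Finding) -> float:
    """Combine severity with business context; weights are illustrative assumptions."""
    score = f.cvss * f.asset_criticality   # severity scaled by what the asset is worth
    if f.exploited:
        score *= 2.0                       # active exploitation outranks theoretical severity
    if f.internet_facing:
        score *= 1.5                       # exposure widens the attacker population
    score += min(f.days_open, 90) / 30     # ageing bonus, capped at +3, so old items surface
    return round(score, 1)


def sla_days(score: float) -> int:
    """Map a risk score onto a patch deadline (assumed tiers, tune to your own policy)."""
    if score >= 60:
        return 7
    if score >= 30:
        return 30
    return 90


def prioritise(findings):
    """Return findings ordered by descending risk score (stable on vuln_id for ties)."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.vuln_id))


def cvss_only(findings):
    """Naive ordering by CVSS alone, kept for comparison with prioritise()."""
    return sorted(findings, key=lambda f: (-f.cvss, f.vuln_id))


# Constructed sample inventory for a retailer; none of these records are real.
SAMPLE_FINDINGS = [
    Finding("pos-terminal-07",  "VULN-A", 7.5, True,  False, 5, 10),
    Finding("web-storefront",   "VULN-B", 9.8, False, True,  4, 3),
    Finding("hr-intranet",      "VULN-C", 9.1, False, False, 2, 120),
    Finding("payment-gateway",  "VULN-D", 6.5, True,  True,  5, 1),
    Finding("kiosk-display",    "VULN-E", 4.3, False, False, 1, 400),
]


def patch_queue(findings):
    """(vuln_id, asset, score, deadline_days) tuples in the order they should be worked."""
    return [(f.vuln_id, f.asset, risk_score(f), sla_days(risk_score(f)))
            for f in prioritise(findings)]


if __name__ == "__main__":
    print("CVSS-only order :", [f.vuln_id for f in cvss_only(SAMPLE_FINDINGS)])
    print("Risk-based order:")
    for vuln_id, asset, score, deadline in patch_queue(SAMPLE_FINDINGS):
        print(f"  {vuln_id:7} {asset:16} score={score:5}  patch within {deadline} days")
```

The contrast is the point: ordered by CVSS alone, the HR intranet's 9.1 would be worked before the 6.5 on the internet-facing, actively exploited payment gateway; the risk-based queue puts the gateway first and the HR system in the 30-day tier.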

For the vast majority of retailers, if not all, PCI DSS compliance will also be an essential requirement for business. Consider this an opportunity rather than a burden. Its detailed requirements will help you build a more mature security posture and minimize risk exposure. Technologies like strong encryption can also help to reduce the cost and administrative burden of compliance. Happy holidays.

Guest post by ESET Ireland. You can also follow ESET Ireland on X (ex-Twitter), Facebook or LinkedIn for more cybersecurity updates.


More about Irish Tech News

Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
