‘Tis the season to be breached. The holiday shopping season is upon us, and after the year the retail industry had, both consumers and retailers have a right to be nervous. Breaches are inevitable, and hackers are sophisticated. For shoppers, these security concerns give consumers another reason to closely monitor checking and credit card accounts. Retailers, too, should stay vigilant for suspicious activity and consider their security strategy going into this shopping season.
WinMagic Data Security published “5 Observations of Retail Data Breaches: Why Encryption?,” an eBook outlining how data encryption can augment the existing PCI Data Security Standard and solve the data-protection challenges facing the retail industry. Mark Hickman, COO at WinMagic Inc., has five best practices for retailers to remain safe this holiday season.
Click through for five security best practices retailers should consider to ensure customer data is protected, as identified by WinMagic, Inc.
Know Exactly Where Your Business Is Being Conducted
The majority of retailers have their customer data spread out across multiple locations, including at the company’s corporate offices, at specific retail store locations or even within the brand’s online portal. Because of this, it is critical for retailers to understand how and where customer data — especially payment information — is being accessed, handled, and most importantly, how it is being secured.
Recognize Data at Rest
Retailers are constantly storing information in multiple locations, usually for the customer’s convenience. However, data stored on portable devices such as laptops or archived on servers is often forgotten and — as a result — becomes a prime target for hackers. Retailers must encrypt all data at rest. By doing so, there is little to no concern should a device be stolen or lost.
Track Moving Data
Retail brands need to have a clear understanding of how their customer’s data is moving through its infrastructure. Technologies like sniffers and network traffic monitoring software enable retailers to track where customer data has been, where it’s headed and most importantly whether or not it was encrypted during flight. This allows for retailers to adjust security measures in response to a potential threat.
Join Forces with a Security Expert
By partnering with a data security vendor, retailers can leave the managing of their security infrastructure up to the experts and focus on what’s really important to their brand — selling merchandise and keeping customers happy. A partner can monitor and implement the most appropriate security measures in response to both current and emerging threats.
Implement an Encryption Policy
Retailers need an encryption policy that is mandatory yet manageable. Role-based controls are also a critical component; this implies only specific individuals have the ability to control or access information. Routine and ongoing audits are also always recommended to ensure that a company’s data security and encryption polices are constantly being enforced.