Retail data security became one of the hottest topics in the retail industry last year after two of the United States’ largest retailers, Target and Home Depot, experienced devastating network breaches.
We use the term “devastating” for two reasons. First, the attacks affected tens of millions of customers – 60 million for Home Depot and 40 million for Target (New York Times). Second, the breaches had a very serious effect on the brands’ reputations, as evidenced by both companies adjusting their earnings forecasts and working to regain customer trust.
Here are some rather disturbing facts about cyber security:
- Cybercrime cost more than $445 billion worldwide in 2013.
- More than 2,160 data thefts occurred in 2013. The number of records exposed tripled from the prior year, to 823 million. Source: CSD magazine, Jan. 2015
Here are two additional facts about company preparedness:
- Thirty percent of companies do not have a plan for dealing with a data breach before it happens. Source: Mike Bruemmer, Experian Consumer Services, in Forbes, Sept. 2014
- Fifty-four percent of companies believe it can take anywhere from 10 months to more than two years to restore a company’s reputation following a data breach. Source: “The Reputation Impact of a Data Breach,” Experian and the Ponemon Institute, 2012
When faced with a data security breach, what can you do to improve your company’s ability to respond and regain consumer trust?
“It’s not a question of if you will be hacked, but when.”
Joe Adams, cyber security expert
Have a plan
Develop a threat response system, and know what information is vulnerable and where it is located. For instance, if you are a smaller operation, you might store customer transactions in the cloud rather than on a network.
Be prepared to communicate with customers
Don’t delay public notification. The person in your company who is usually the spokesperson should state the facts of the breach clearly and make it known that you are actively taking steps to resolve the vulnerability.
Don’t forget to apologize
It’s not just your executive team experiencing anxiety right now. Consider offering customers free enrollment in an identity protection service -- a response that’s becoming more and more popular.
Keep your systems updated
Keep your anti-malware tools updated, and regularly apply software updates and patches. Adopt the new EMV standard prior to the October 2015 deadline (see our previous post for more details). If no one in your organization has the technical knowledge for these tasks, it’s time to make the investment in hiring someone.
Train your staff and communicate
Make point-of-sale training a priority. Employees at the register should ask vendors and technicians for ID before granting access to POS terminals. This is where moving training modules and checklists for onboarding new retail employees are especially helpful.
Remember that knowledge is an extra layer of security. Even the most prepared companies can fall victim to an attack. You must protect against vulnerabilities not only in your computer systems, but also within your franchise network. This is why regularly inspecting your franchise is crucial to security.