This is the first in a series of monthly articles offered by the team at RH-ISAC intended to support and educate retail and retail loss prevention practitioners on critical concepts regarding cybersecurity information and intelligence.
Cybersecurity in retail is a crucial facet of loss prevention strategies. As retail stores become more digitized, the risk of cyber-related financial loss escalates. According to the “Retail & Hospitality Industry Insights Report,” retail is one of the top 10 most targeted industries for cyberattacks. Retailers hold a wealth of customer data that is valuable to attackers, including credit card numbers, credentials for online accounts, and customer information such as home addresses, emails, and phone numbers.
Effective cybersecurity measures protect against data breaches that could lead to direct financial loss, compromise customer trust, and result in significant brand damage, or even damage physical equipment or facilities. It’s not just about safeguarding online transactions, but also about protecting in-store systems, ensuring secure communication across networks, and maintaining the integrity of customer data. By implementing robust cybersecurity protocols, retailers can shield themselves from the dual threats of cybercrime and the consequential financial and reputational penalties for failing to protect consumer data.
For loss prevention professionals in the retail sector, understanding cybersecurity is now as critical as traditional methods of protecting assets that focus on physical losses. Key concepts in cybersecurity include authentication, authorization, and data encryption.
- Authentication is the process of verifying the identity of a user, machine, or entity before granting access to a system or network. It’s a way to ensure that the individual or entity requesting access is who they claim to be.
- Authorization determines what an authenticated user or process is permitted to do. It’s like giving a stamp of approval on what resources can be accessed and what actions can be performed.
- Data Encryption is a security method where information is converted into a code that hides the information’s original form or content. Its primary purpose is to protect digital data stored on computer systems or transmitted via the internet or other computer networks so that if an unauthorized user does access a system, they cannot read or make sense of the data.
Some other key cybersecurity terms to know include phishing, malware, and ransomware. Phishing is a term that describes fraudulent attempts to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in electronic communications. This often comes in the form of emails with malicious links or attachments. Loss prevention specialists need to be aware of these schemes because a single successful attempt can compromise an entire customer database. Malware is malicious software intentionally designed to cause damage to a computer, server, client, or network; this includes viruses and ransomware, which can lock access to key systems until a ransom is paid.
Understanding these concepts is not about becoming a tech expert; it’s about recognizing the digital tools and threats that are part of today’s retail environment. Loss prevention professionals should work closely with their company’s technology departments to ensure that policies are in place to protect against these digital threats, and that staff is trained to recognize and respond to them appropriately. This cybersecurity awareness, when integrated with traditional loss prevention tactics, forms a robust shield to mitigate risks from the multifaceted threats facing retailers in the digital age.
The Retail & Hospitality ISAC was built to create a secure place for retailers to share cybersecurity information and intelligence to not only better protect their own companies, but to also strengthen the entire sector. With more than 250 Core Members (retailers, restaurants, hotels, gaming casinos, food retailers, consumer products, and other consumer-facing companies), RH-ISAC is considered a trusted voice in cybersecurity intelligence and information sharing for consumer-facing organizations across the nation.
Bryon Hundley is currently vice president of intelligence operations with the Retail & Hospitality ISAC. In this role, he oversees intelligence activities and the alignment of strategic objectives. Hundley has more than two decades of experience, including roles at top companies in the retail, hospitality, and travel sectors. He has also served in public sector roles with the US Department of Health and Human Services and the US Navy.