Sponsored by the National Retail Federation
The critical necessity of preventing loss and theft to physical goods has not been supplanted—but it has certainly been added to. Less tangible assets, like reputation and customer and financial data, have become increasingly central to a retailer’s success. As the chief architect of asset protection strategy, therefore, the value that LP can bring their companies is starting to expand, and now includes the task of helping to meet the growing importance of protecting intangible aspects of company value.
“Let’s face it, no retailer wants to become the next data breach headline,” said Bob Moraca, vice president for loss prevention at the National Retail Federation, which hosts NRF PROTECT, one of the nation’s largest retail loss prevention conferences. “LP really needs to be joined at the hip with its IT peers and working together to prevent cybercrime.”
Recognizing the trend, organizers of the NRF PROTECT conference, which will be held June 11-13 in Anaheim, CA, have enhanced its annual event by including a cyber-risk conference and expo in addition to its traditional LP focus. Among other opportunities, the event will feature a cyber security workshop; education on risks associated with IoT devices and online transactions; and a main stage panel of LP and cyber security leaders sharing best practices on how the two functions can work together to tackle retail crime, addressing topics such as prioritization and technology deployments.
“One of the simplest steps LP should be taking is to meet at least on a quarterly basis with their IT peers,” said Moraca. Recent NRF data indicate that while 40 percent of LP executives are hitting that benchmark, a greater percentage only meets with IT every six months or annually, and 15 percent acknowledge that they don’t sit down with IT at all.
Armed with knowledge gained at NRF PROTECT, including insights on how criminal groups are using cyber tools to facilitate retail crime, LP executives will be better able to forge or enhance their partnerships with IT to prevent cyber crime, make coordinated investments in security tools and services, and communicate risks to senior leadership and boards.
Protecting intangible assets requires a broader strategic approach than the one used to protect merchandise. Nobody accidentally steals items from store shelves, so protecting hard assets rightly focuses on defeating determined bad guys. But in a world of less tangible retailer assets—plans, code, designs, research, records—carelessness and ignorance are equal enemies. It may seem a more benign foe to face, but the stakes are higher and failure more dangerous.
“It’s been said that 95 percent of the breaches and IT risk issues exist between the keyboard and the employee’s seat,” noted Moraca. “A simple mistake, like clicking on a bad link or connecting an infected flash drive, can corrupt a system with malware, and can result in mounds of customer information and credit card data being held ransom for who knows how much. It can literally take down a company.”
The enormous risk facing retailers is also an opportunity for LP—if it enhances its ability to help prevent cyber crime—to bring additional value. “We already train our people on what to do in a robbery and in other crisis events, so it’s a perfect match for LP to help with the education piece of prevention,” said Moraca, adding that LP expertise in crisis response can also be leveraged in a retailer’s response to a possible data breach. But again, LP needs to forge partnerships now with risk management and IT-not when ransomware is already spreading across the network.
“It’s in our wheelhouse. We know about crisis events. This is just another type of crisis on a very long list,” Moraca said. “But just like with fire drills and active shooter planning, you never want to be shaking hands and introducing yourself to first responders at the scene of the crisis”
Just as the upcoming NRF PROTECT conference has responded to the evolving retail threat environment, it has tweaked its educational format in response to attendee feedback to better capitalize on the vast knowledge of industry practitioners. “One thing we added this year was more roundtable learning opportunities, in additional to panels and traditional education sessions. People will literally be able to sit at tables focused on different topics, and, with the assistance of a moderator, benefit from peer-to-peer learning,” said Moraca. “It brings us back to our roots, which is an event built by LP professionals for LP professionals.”
Finally, attendees in Anaheim will also have a unique chance to learn from the nation’s premier crisis communications expert, Judy A. Smith, founder and president of Smith & Company, a leading strategic advisory firm that counsels corporate clients through product recalls, litigation, and other high-stake events. Smith is the inspiration for the hit television show Scandal. She has helped principals navigate through a wide range of high-profile crisis events, including General Petraeus’ CIA scandal, the hacking of Sony, and the Enron scandal. “It’s a different kind of crisis management, but she has a lot to teach LP about how to steer through events that pose enormous risks to our companies,” said Moraca.