Cyber attacks are one of the greatest threats facing global businesses today. Hardly a day goes by that there is not a report of another company suffering at the hands of hackers breaching their networks and stealing sensitive customer or proprietary business data. According to the Identify Theft Resource Center (ITRC), there were 781 known data breaches in 2015. This is the second-highest number on record since tracking began in 2005.
Although data breaches and cyber attacks are real risks for all type of public and private organizations, retailers are particularly vulnerable to these crimes. In this competitive industry, these crimes can have devastating effects on consumers and potentially damage the retailer’s brand and corporate reputation beyond repair.
Furthermore, cyber-crimes do not target one class of retailers. Over the past several years, retailers from superstores to supermarkets have reported data breaches, where potentially millions upon millions of consumer debit and credit card information were exposed or comprised.
In response to the threats presented by cyber-criminals, many retailers are physically separating the IT infrastructure for their networks based on their primary usage to limit exposure. A prime example is creating a separate network to run physical security applications from the network used for POS data. A security-only network is typically used to host the company’s security devices such as intrusion detection, video, access control devices and related devices along with building automation systems such as HVAC.
The benefits of these networks are multi-faceted. Not only does the security-only network deliver a higher level of protection, but it also offers faster speeds, more bandwidth and easier access to the network for loss prevention teams while not impacting business-critical systems.
Further benefits to a separate network include nearly unlimited access to applications such as remote monitoring of video or remote investigations, allowing investigators immediate access to video and supporting data. Many times, loss prevention teams are relegated to downloading video for investigative purposes in the overnight hours, when the primary network is not being used for POS data. Easy access to video can reduce travel time to specific locations and associated expenses, as well as the time it takes to conduct the investigations.
When the security network is monitored by a certified third-party provider, added benefits include advanced alerts of potential system failure or attempted breach of the network. The monitoring company can also ensure that the network is adhering to the latest network security protocols and has updated anti-virus software at all times.
Who Should Consider It?
Any type of retailer that is looking to provide a safer and more secure environment for its customers’ data while maintaining a higher level of security for its business critical operations is a candidate for a dedicated security-only network.
Selecting a Third-Party Provider
When considering a third-party provider for security-only networks, traditional IT companies that design and implement standard networks may not be your best option. Selecting a company that has the proper certifications for designing networks as well as deep industry knowledge of security devices and how they need to work together will greatly enhance the overall end result.
Certifications such as Cisco Cloud and Managed Services Partner Certification, Meraki Certified, Sonicwall Certified, and security product-specific certifications will ensure successful system integration. Cisco Cloud and Managed Services Partner certification recognizes companies who have attained the expertise in the planning, designing, implementing and supporting of cloud or managed services based on Cisco platforms.
Steps to Consider
One of the first steps is to identify the circuit requirements for the security-only network. Understanding what types of applications are going to be running on the network and how much bandwidth and speed is necessary to support the applications is key. Security-only networks are often based on commodity broadband, so it is important to ensure that the carrier can deliver reliable service and speed at any given location.
Once the network parameters of adequate circuit bandwidth are determined, additional considerations that must be designed into the system include remote (VPN) access and appropriate security measure and rules. At a minimum, there should be a strict password update rule both for duration of password life as well as re-use of passwords used in the past. Ideally, a consolidated security identification system should be established to ensure continuous monitoring of access with biometric or other proven security solutions as part of any access to the network.
If any part of the network is wireless enabled, appropriate security for network access and ongoing traffic monitoring are essential. If they are not part of the system, monitoring to make sure that no additional devices with wireless capability are installed on the system.
Firewall protection design is essential. With the advent of IPv6 and its inclusion in networks, there is a potential for security breach when tools designed for IPv4 are faced with IPv6 calls.
Continuous monitoring for abnormal network traffic, behavior or attempted unauthorized access are discovered, rules for appropriate notification and/or lockout must be determined and enforced.
Data Breaches: One Less Thing to Worry About
The growing threat of data breaches, cyber crime, and the high cost associated with remediating the aftermath of an attack, both in terms of hard dollars and the damage to brand reputation and customer trust, can be devastating to a retailer.
Cyber-crime rates are escalating at exponential levels and cyber criminals will continue to grow more sophisticated in their approach. Now is the time to ensure your business is protected.
The vice president of loss prevention for a leading international retailer summed it up by saying, “Deploying a separate network for security and having an independent team monitor it is one less thing that I need to worry about.”
This article was originally published in 2016 and was updated July 3, 2017.