Don’t Fall Victim to a Hack Attack: 4 Steps to Stronger IT Security Before the Busiest Shopping Season of the Year

27/11/2015


MNP's TAKE: Protecting your IT assets is about more than simply protecting your revenue. It's also about safeguarding your customers' sensitive information. A hack can seriously impact trust levels for your business, causing customers to turn away - or worse, if legal action is taken.

What's important to recognize is that technology risk isn't strictly defined by the size of your revenue. When major brands get hacked they'll certainly make the headlines, but smaller businesses that get attacked are often that much more severely impacted. Technology risk management is essential no matter how big or small your business - and it doesn't need to be cost-prohibitive. The best approach is to identify your key threats and apply tailored solutions that are right for your operation.

To learn more about how MNP can help you implement a stronger approach to risk management, contact Trac Bo, CPA, CA, CISA, CRISC, ABCP, CGEIT, Technology Risk Services Leader, at 403.537.8396 or [email protected], or your local MNP Business Advisor.


BY FAROKH KARANI FROM BUSINESS2COMMUNITY

It’s been a couple of rough years for the consumer retail market. High profile “hacks” of major brands such as Target, Michael’s and Home Depot, to name just a few, have shaken consumers’ trust and the sense of security they have in using their debit and credit cards to make purchases. According to a 2014 report from LexisNexis, the “True Cost of Fraud Study,” retailers lost $11.1 billion in 2013 overall due to fraud. Even more alarming is there is no sign that this trend is slowing down. In fact, retail fraud is growing at a rapid rate, with the percentage of revenue lost to cyber thieves increasing 70 percent, from .080 percent in 2013 to 1.36 percent in 2014.

Investing in IT security solutions that shut down hackers and cyber criminals before they take advantage of flaws and vulnerabilities in your retail business website and network during the holiday shopping rush is an important first step in protecting company revenues. Even better, by going that extra mile to make sure your customers’ private financial data is protected, as a small business retailer, you can also bolster your reputation as a retail brand that can be trusted.

Not only will the investment in complete end-point protection, network/gateway security and mobile device management pay off in customer loyalty and secured sales revenue, it’s also much less expensive in the long run. A recent survey by the Ponemon Institute showed the average cost of cybercrime for U.S. retail companies more than doubled from 2013 to an annual average of $8.6 million per company in 2014.

Although major retail brands are more lucrative targets for cyber criminals, most large retailers also have extensive security policies and multilayered IT security solutions in place, leaving cybercriminals to set their sights on smaller online retailers, which they know may not have the time, resources and IT personnel to successfully thwart attacks.

Small to mid-sized etailers must invest in building customer trust, and the most effective way to accomplish this is to do as much as possible to make sure customer transaction data is safe and secure. It takes just one data breach for a business to lose long-time customers, along with potential customers, its hard-earned reputation and the market momentum it has worked hard to earn.

Surprisingly, it’s possible for small to mid-sized retailers and etailers to compete with their larger competitors by creating a safe and secure shopping environment for their customers. Here are four key tips to keep in mind:

  • Be Proactive – Defend against even the most sophisticated cyberattacks that pummel operating systems, applications and servers by regularly evaluating your system for suspicious behaviour, including anything outside normal behaviour. Smaller enterprises can defend proactively by staying up to date with the latest threat intelligence and applying this knowledge as appropriate. This includes keeping all software up to date and ensuring that patches and bug fixes are applied in a timely manner.
  • Bolster Anti-Virus Protection – Although not the only way to protect your network and customer data from attacks, anti-virus (AV) protection should remain a top priority and not be taken for granted. AV software is designed to prevent, search for, detect, and remove software viruses as well as other malicious software like Trojans, adware, worms and much more. By some estimates, there are 60,000 new pieces of malware created daily. The basic Windows Defender AV software that is built into the latest versions of Windows has been shown in industry tests to stop only about 80% of the malware that is out there, and its signature files are updated only once a day. So AV alone is not enough to protect against many of these new threats, yet it is still extremely important to overall system security. With added heuristic functionality, which looks at the behaviour of a file in addition to its signature to determine if it is malware, today’s AV is much more advanced than it was just five years ago. As a result, modern AV is now very effective at blocking a wide array of malware, including spyware, adware, keyloggers, remote access Trojans and rootkits.
  • Go Comprehensive – Most security experts recommend that companies of all sizes take a comprehensive approach to IT security. While keeping AV software up to date is extremely important, providing multiple layers of security to all your endpoints should be the goal. These layers can include AV, Application Monitoring, Content/Web Filtering and Data Loss Prevention (DLP). Rather than purchasing individual solutions from various vendors, small to mid-sized retailers are better served by choosing a robust IT security package that provides cross-platform support for mobile endpoints, servers, networks and gateways. By choosing one complete endpoint security solution that has everything from AV to DLP included, retailers can focus on protecting invaluable data assets rather than worrying if multiple software licenses have expired, leaving their data and their customers’ data exposed and ripe for theft.
  • Future Proof Your Security – Keeping up with trends is as important to SMBs as it is to large big box retailers. The “Internet of Things” (IoT) is one trend that is picking up steam day-by-day. From an IT security standpoint, it should be evaluated as another potential risk to business and consumers alike. As more sensor-driven systems, such as refrigerators, cars and even smartwatches, connect to the Internet, cybersecurity protections must also step up to prevent data breaches and compromises. IT security will need to keep up with this new era of “Everything connected, all the time.” Retailers must also be aware that this may affect secure payment methods, and adjust their IT security strategies as a result. The retailers that keep up with quickly evolving technology like IoT will be three steps ahead of the game.

This post originally appeared in the September issue of Website Magazine.

This article was written by Farokh Karani from Business2Community and was legally licensed through the NewsCred publisher network.