The Australian government has recently warned of the possibility of a “dystopian future” where cities connected to the internet could be “held by interference in everything from traffic light timings to surgical schedules.” Secretary for the Home and Family Affairs Clare O’Neil highlighted the dangers associated with our connected society, and the need to be more prepared in both the business and government.
The retail industry across Australia are especially vulnerable to a range of attacks and threats. The complexity of the chain of supply, as well as the large number of vendors outside the retailer as well as the personal data that flows through (and is often still stored within) the systems of a retailer means they are prime targets for cybercriminals.
Why? because not only are the information valuable for cybercriminals and hackers, but also due to the potential to attack weak points in a complicated security chain. In addition, the large volume of digital collaboration that takes place within and outside of retail businesses, specifically post-COVID, must be controlled in a secure manner. Digital collaboration is caused by disparate employees, contractor teams and other organizations that are component of the supply chain which is distributed across networks.
Therefore, as the potential targets, what should retailers do to ensure that they don’t become another victim in this dystopian world?
The more is the less
Retailers have always adopted a shrewd approach to gathering and storing customer data to get a 360-degree view of customers. However, what many fail to realize is that their data has become vulnerable, and they are an easy target for cybercriminals.
It’s no longer acceptable to gather and store information. This includes internal documents or customer’s personal details (PII). Instead, retailers need to establish and implement a lifecycle management strategy that includes destruction of information when it is used up in its lifespan or not required anymore.
Like stock at a warehouse store isn’t sustainable or sensible to store data for longer than it is needed. Retailers need to evaluate data once it’s generated or shared and determine the time it’s required to be kept (retention) and creating automated triggers and procedures to ensure that data isn’t accessible or stored within the company for too long (classification).
Your data is put in rows
In the first place, retailers need to be organized in terms of data collection, and think about how data is created and/or gathered. In relation to the customer’s data, retailers must to be aware of the type of customer information they’re collecting (for instance details about credit card transactions) and the reason for it (for instance, to handle transactions as a single transaction). This is the first step to ensure it’s much easier to recognize and handle customer data throughout its lifespan.
Second, a security permissions system must be developed to stop access to information by contractors, employees or supply chain organizations. Digital collaboration is a way to no longer put “classified” on a paper folder and then ‘call it an hour’. For instance, all the files on the shared drive of an organisation should be managed by automated policies in place to control access to particular folders or files in accordance with classification.
Security permissions should also respect the individual’s preferences regarding how their information will be used if they supply the data. For example, denying access to customer address information to staff members unless they are required for a specific purpose. This can prevent misuse and making it more difficult for criminals to gain access to sensitive information.
Finally, retailers must create retention and disposal guidelines based upon specific guidelines, rules and regulations and compliance standards. The most important thing is that information should be stored only for as long as is necessary particularly sensitive data that’s more likely to become the subject of a data breach (such as PII like what was seen in the case of Optus, Medibank and most recently Latitude Financial Services). Like we said the importance of tagging or categorizing the data once it’s been created and/or obtained allows retailers to automate the process.
In sum
Recent breaches have put the spotlight on how retailers especially those that collect personally identifiable data have been unable to manage the information they have about customers. The increasing security threats and the massive amount of data stored and shared by companies has led to an increasing trend outsourcing data management in order to ensure that bespoke strategies can be successfully applied and sustained, ensuring there are no gaps.
A data lifecycle plan implemented is not just good business sense, but it’s crucial to a retailer’s long-term success. This is now being acknowledged by insurers too and retailers are now being able to lower their insurance costs by proving that a data lifecycle strategy is in place within their business.
In a dystopian future taking a preventative and proactive approach to managing data will help retailers stay just one step away from chaos.
