Retailers across Australia are particularly susceptible to a variety of risks and threats. The difficulty of supply chains for retailers and in addition to the number of external vendors, and the data of customers that goes over (and is still often stored in) the systems of retailers is the reason they are the most frequent targets for cybercriminals.
Why? because not just is the information of high value for cybercriminals and hackers, but also because of the capability to exploit weak points in the security chain. Furthermore, the massive amount of digital collaboration that takes place both within the and out of retail businesses, and particularly post-COVID, has to be handled in a safe manner. Digital collaboration is caused by the disparity of employees, contractor, and external organizations in the context of the supply chain which is distributed across networks.
As primary targets retailers, which can retail stores do in order to prevent being the latest victim of this futuristic future?
Less is less
Retailers have traditionally taken a shrewd approach to collecting and storing the data of their customers to provide an entire picture of their clients. But what many have been unable to grasp is that the data is becoming a risk, making them targets for cybercriminals.
It’s no any longer acceptable to gather and store information. This includes internal documents or customer’s personal data (PII). Instead, retailers need to establish and implement a lifecycle management policy that covers the destruction of information when it has reached the end of its usefulness or is no need for.
Similar to inventory in the warehouse of a retailer It’s not sustainable nor prudent to keep data for longer than it is needed. Retailers need to evaluate data once it’s shared or created by determining the length of time it is necessary to be stored (retention) and creating automated triggers and procedures to ensure that data is not used or stored within the business in excess (classification).
Getting your information in rows
First of all, retailers must be organized in terms of collecting data and also consider the way data is produced and/or stored. In relation to customer information, retailers must be aware of the data that customers are collecting (for instance credit card information) and the reason for it (for instance, to handle an transaction as a single event). This is the first step to ensure it’s much easier to recognize and thus control customer data throughout its entire lifecycle.
Second, a security permissions system must be developed to stop the unauthorised access of information by employees or contractors as well as supply chain organizations. Digital collaboration implies that we can no ever put a stamp that says ‘classified’ onto the manila folder, and then ‘call it an hour’. For instance, all the files in the shared drive of an organisation should have automatic policies in place which manage access to certain documents or folders based on classification.
Security permissions should also comply with the preferences of the person providing the data to how their personal data can be utilized when they supply the data. For instance, refraining from granting access to customer address information to employees unless it is necessary to fulfill a particular purpose. This will stop misuse and also making it harder for hackers to access certain secured information.
In addition, retailers should develop out retention and disposition policies in accordance with specific policies, regulations and compliance standards. In the end, data should only be kept for as long as it is required particularly sensitive data which is much more likely become the victim of breaches (such in the case of PII such as has been observed in the cases of Optus, Medibank and most recently Latitude Financial Services). Like we said the importance of tagging or categorizing the data once it’s been created and/or taken in helps retailers automatize the process.
In sum
Recent data breaches have put a spotlight on the ways that retailers, especially those that collect personally identifiable information, are mismanaging the customer information they have. The increasing degree of complexity of security threats and the massive amount of information being gathered and shared by organizations has resulted in a rising trend of outsourcing the management of data to ensure that bespoke plans can be successfully implemented and maintained and leave no gaps.
The existence of a data lifecycle strategy in place is nowadays not just good business sense but it’s essential to the long-term success of a retailer. This is recognized by insurance companies as well and retailers are now being able to lower the cost of insurance by showing proof that an effective data lifecycle strategy is in place in the company.
In a dystopian world adopting a preventative and proactive approach to managing data will allow retailers to stay just one step ahead of chaos.
