By Stuart Reed, senior director, NTT Security.
The holiday season is arriving earlier and earlier and, as one of the busiest trading periods of the year, it makes sense for retailers to be diligent about data security. However, there is no single quick fix that will guarantee against a breach.
First and foremost, it is critical that businesses are fully aware of their risk profile: what data they hold, where it is stored and how it is used. A risk insight service can help achieve this, as it discovers and evaluates a business's current risk profile against agreed metrics and proposes a prioritised list of activities to address any identified vulnerabilities.
It is also vital that those with an online retail presence take all reasonable steps to ensure the integrity and confidentiality of their data is maintained. This includes ensuring that only those who require the data have access to it, and enforcing good practice for data management. Whilst there are likely to be dedicated teams in place to keep IT systems secure and up to date with the latest security patches, maintaining standards, good practice and vigilance should be seen as a collective responsibility, and this culture should be encouraged throughout the organisation.
It is equally important that a well-rounded plan is in place should a breach happen. An effective incident response plan not only addresses the immediate issue, but also informs all relevant parties of what has happened and what they need to do next. This is vital for business continuity and for minimising the impact on customers, and it may also limit brand damage and preserve a level of goodwill or trust, as highlighted in our latest Risk:Value report.
Whilst seasonal trading might result in a spike in targeted attacks and breaches, it is important to remember that in a connected, global economy, attack vectors and cyber threats are present 24 hours a day, every day of the year. It is therefore crucial that a balanced and well-communicated approach to cybersecurity is established and maintained at all times.
Tips to help mitigate cyber risks
- Understand your risk – conduct an annual risk insight to understand current risk exposure and to keep the board engaged with cyber risk.
- Secure configuration – keep hardware and software protections up to date and apply security patches promptly. Stay on top of basic protection.
- Educate and train employees – ensure they know company policies and incident response processes.
- Incident response – establish, routinely test and communicate incident management plans.
- Monitoring – continuously monitor all systems and their associated logs to spot potential attacks early and minimise risk.