Next Thursday, most Americans will be enjoying Thanksgiving festivities, giving thanks for family and friends. However, the Friday and Monday after are a different story, with Americans rushing to capture Black Friday and Cyber Monday deals in-store and online. This creates a feeding frenzy for shoppers and cybercriminals alike. So how can enterprises protect themselves from falling prey to a retail data breach? Read on for 4 tips to protect your consumer data.
Consumer Data Makes an Attractive Target
Retailers in the US have consistently been a prime target for security breaches. According to the 2018 Thales Data Threat Report, Retail Edition, data breaches of US retailers more than doubled, rising to 50% from 19% reported in the 2017 survey. The list of retail breaches over the past 24 months includes Macy’s, Bloomingdales, Adidas, Panera Bread, Under Armour, Chipotle, and Hudson Bay Co’s Saks Fifth Avenue, Saks Off 5th and Lord & Taylor, Kmart, Buckle and Eddie Bauer.
With billions to be spent on Black Friday, and a lot of that spent via credit and debit cards, retailers are responsible for a whopping amount of personally identifiable information (PII) and financial information. Failure to protect that data comes with a huge amount of liability in the light of new privacy legislation including GDPR. With the average cost of a data breach looming at $3.86 million, not to mention loss of reputation and the sharp sales decline that follows, protecting consumer data should be a priority this holiday shopping season and year round.
Tips for Protecting Retail Data
According to the Thales report, “With increasingly porous networks, and expanding use of external resources (SaaS, PaaS, and IaaS most especially) traditional endpoint and network security are no longer sufficient, particularly for heavy adopters of public cloud resources such as the U.S. retail sector. However, data security tools such as discovery/classification, encryption or tokenization can provide increased protection to known and unknown sensitive data found within advanced technology environments like cloud, containers, Big Data and IoT.”
With the constant threat of retail data breaches, it is more critical now than ever to keep data safe this Black Friday and Cyber Monday. With 84% of US retailers planning on increasing IT security spending this year, they need to shore up both their payment processes (POS machines, online transactions) and their data security (application data, files).
If you are storing cardholder data or any customer PII, here are 4 suggestions to keep it safe:
- Don’t just rely on perimeter security – Hackers aren’t the only cause of breaches; in fact, users are the cause in over 20% of breaches. Data, applications, or systems that house highly sensitive data should be a ‘zero trust’ zone. Use both the content a user is trying to access and the context of their current environment and device to determine access rights. For example: What type of device are they using? Where are they and what time of day is it? Does the device comply with corporate policy? This will help you spot and stop users who are stealing sensitive data, or identify a hacker who may be posing as one of your users with stolen credentials.
- Don’t trust that application content is secure – Unfortunately, even with a content management or collaboration system in place, files move around in companies via copying, desktop download, email, etc. Therefore, you cannot always trust that sensitive information will remain in house and stay secure. Put controls in place to restrict what authorized users can do with sensitive documents to limit the damage that can be done by accidental or unauthorized sharing.
- Enforce policies on the handling of cardholder data – Paper policies are great, but how do you know employees are following them? Use intelligent data security to prevent or warn users if they attempt to distribute sensitive information such as cardholder data or confidential documents against policies. And if a file with PII or payment data is authorized to leave your organization, make sure it is encrypted before it leaves. Key stakeholders should be notified of any violations so that appropriate actions can be taken such as additional training or new policies.
- Know how cardholder data is used – Track and monitor the entire life cycle of documents containing cardholder data. Ensure you have audit trails that record user interactions with content containing cardholder data or other PII, i.e., opening, printing, downloading or emailing these documents. This is an important step to assess security breaches and track potential misuse or leaks.
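
One way to apply the last two tips in code, as an added example that is not from the original post or the Thales report: it finds card numbers in an outgoing file with a Luhn check, decides whether to allow, block or require encryption, and writes an audit record holding only masked numbers. The domain, user and file names, the action names and the sample text are constructed assumptions.

```python
import re
from datetime import datetime, timezone

INTERNAL_DOMAINS = {"retailer.example"}  # assumption: the organisation's own mail domains
# 13-19 digits, optionally separated by single spaces or hyphens
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits):
    """Luhn checksum: rejects order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text):
    """Return card numbers found in text, masked to first 6 / last 4 digits."""
    masked = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            masked.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return masked

def evaluate_transfer(user, filename, text, recipient, authorized, encrypted):
    """Return (action, audit_record) for a file a user is about to send."""
    pans = find_pans(text)
    external = recipient.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS
    if not pans or not external:
        action = "allow"
    elif not authorized:
        action = "block"  # policy violation: stakeholders are notified
    elif not encrypted:
        action = "encrypt_before_send"
    else:
        action = "allow"
    record = {
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "file": filename, "recipient": recipient,
        "action": action, "cardholder_data": pans,  # masked values only
        "notify_stakeholders": action == "block",
    }
    return action, record

# Constructed sample: a Luhn-valid test number and an order id that is not a card
SAMPLE = "Refund to card 4111 1111 1111 1111 for order 4111111111111112."
```

Keeping only masked numbers in the record stops the audit trail itself from becoming another store of cardholder data.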
These steps can be applied across the enterprise to not only keep customer and payment card data secure but also prevent any other sensitive information from falling into the wrong hands. After all, your next merger or brand acquisition is probably something you don’t want breached either.
Learn more about intelligent data security to keep your customer data and everything in between secure.