Cybersecurity problems in retail: 3 cybersecurity pain points & how to solve them

2. Lack of comprehensive security

We see a heightened urgency to implement more robust, holistic, strategic security today. That urgency derives from several factors:

• Increased cloud service usage outside of network perimeters

• Remote work has obliterated the idea of network perimeter

• Ever-expanding “hybrid” work practices

COVID-19 accelerated the need for cloud applications to keep everyone connected, productive, and communicating anytime, anywhere. Related to the increased surge in remote work, 2020 saw a dramatic rise in cyberattacks, especially ransomware – making security a priority for all organizations.

Retail organizations need a continuously evolving set of cybersecurity standards that shift defenses from traditional static, network-based perimeters to focus on users, assets, and resources.

Flexible, hybrid workstyles create a myriad of security challenges. So, how can retail leaders keep businesses and employees secured?

Your employees work anywhere and everywhere – in the field, in warehouses, doing store walks, in their home offices, at conferences, etc. A secured infrastructure is needed to let them safely work, connect, and collaborate from anywhere. They – and the information they're working with – are exposed to new points of vulnerability.

As retailers, you need a holistic security solution as you implement automated solutions or devices in warehouses and stores. Your employees use many IoT devices outside of standard office and computer parameters. They’re working with barcode scanners, mobile payment devices, self-checkouts, cash registers, and card readers, just to name a few. Are these devices and systems truly secured?

A third-party IT security vendor can help install and deploy new automated equipment and assist with increased cloud service and security outside of network perimeters.

Solution: Implement a Zero Trust security model

Consider taking a Zero Trust approach to protecting your employees and information. Since the pandemic, you have been forced to innovate your security measures. You’ve most likely moved to the cloud and have automated security and compliance processes.

Zero Trust, sometimes called perimeter-less security, is a security framework where every user or device must be authenticated and validated before gaining access to any business system, application, or asset(s).

Traditional retail organizations' current perimeter-based security model isn't practical between IoT-connected POS systems, drones, delivery robots, and more. To stay ahead of these trends, retailers must adopt a Zero Trust model.

Zero Trust systems always validate access for all resources to ensure only authorized and approved individuals are accessing data. It shifts defenses from traditional static, network-based perimeters to focus on:

• Users – Anyone with access to your system, including vendors, staff, and contractors

• Assets – Where your information and data lives

• Resources – Tools used to protect your information

Zero Trust security model or architecture in retail requires a multi-layered approach. Its core principle is that all people and all devices, inside and outside the network perimeter, should never be trusted. Additionally, Zero Trust assumes that internal and external threats always exist on the network. All devices, users, and data flow must be authorized and authenticated.

Technologies often used in Zero Trust include:

• Multi-factor authentication (MFA)

• Advanced endpoint protection

• Event isolation technologies

• Data encryption

• Identity management and protection

• Secured messaging

• Asset validation before connection

Gartner predicts that 60% of all organizations will embrace Zero Trust as a starting point for security by 2025.5 However, more than half will fail to realize the benefits – Zero Trust must become a vision throughout organizations. Retail leaders must promote clear communication that ties it to business outcomes to achieve the benefits.

Related content

Article: Principles of Zero Trust Security

3. Human error

A popular financial company made headlines because of a social engineering cyberattack. A malicious actor tricked a customer service employee resulting in the attacker gaining access to over 5 million email addresses and 2 million names.

The 2022 World Economic Forum states that 95% of cybersecurity breaches are due to human error.⁶

“Ransomware poses a clear and present threat to companies today. Attacks are increasing in frequency and also in sophistication. But a lot of addressing the issues goes back to educating people and driving a security culture that addresses that human element factor and builds processes that help eliminate the likelihood of human error … which more often than not is the root cause of the attack,” says David Levine, Ricoh Chief Security Officer.

People and employees continue to be the weakest link in the cybersecurity chain, so training them on cybersecurity best practices is vital. Developing creative and educational cybersecurity programs that help your employees recognize, report, and avoid malware, phishing, social engineering, and ransomware threats is a must.

Employees are the gatekeepers to the company network. Cyber attackers know this and will do anything to gain access. The most sophisticated attacks regularly target even the tech savviest employees and CEOs.

Unsuspecting employees are easy targets. For example, social engineering allows attackers to prey on even the brightest executive who innocently provides info and company updates on LinkedIn. A phishing email threatens your network when sent to your accounting team disguised as an invoice.

Solution: Ongoing cybersecurity training for employees

Cybersecurity education programs go beyond onboarding new retail employees. Continued and updated education is necessary to keep your customers’ data safe and prevent your company from pricy ransomware or cyberattacks.

Experts say that today’s employee cybersecurity training should:

• Consist of bite-sized 10-15-minute sessions, so it’s easier to digest

• Occur quarterly, making it simpler for employees to squeeze into their schedules

• Engage employees – for example, providing them with information and examples of how to protect themselves both personally and professionally

Why not team up with a company specializing in employee cybersecurity awareness training? Training programs are an engaging way to educate your retail employees on handling different cybersecurity situations.

Though you can never fully eradicate human error, a robust end-user training and education program is invaluable to your defenses. It should become part of a larger plan to minimize potential points of attack and mitigate the damage when an attack occurs.

Consider implementing mock hacks and phishing email attacks to test employees and identify areas where staffers require additional training on cybersecurity best practices, policies, and protocols.

Focus on topics like:

• Suspicious URLs or domain names

• Emails requesting personal information, containing odd messaging or typos/grammatical issues

• Opening email attachments from unknown sources

• Using the same password for multiple sites

• Benefits of a secured password manager

• Risks of using public computers or unsecured wireless connections

In addition to running network assessments and updating software, if working with an outsourced IT team, have them assist with employee cybersecurity education. Ensure they perform frequent staff training programs that give your teams the information and tools to stay compliant and avoid costly mistakes that could lead to dangerous data breaches.

Final retail cybersecurity takeaways

Cybersecurity risks are ever-present as threats continue to become more sophisticated. At the same time, rapid change in retail industry competition, compliance, economic conditions, staffing issues, and new and legacy technologies can expose you to data breaches that could cost billions.

Don't fall into the high-cost trap of not doing enough, or worse, doing nothing. Reliable, always-on cybersecurity needs always to remain top of mind.

Visit the Ricoh Cybersecurity Solutions page to discover best-in-class solutions and technology to safeguard your retail business against the latest threats.