Cybercrime doesn’t just affect companies like Facebook and Apple—it can happen to small retailers, too. Whether you’re a brick-and-mortar shop just setting up your website or you’re perhaps even looking to pivot to e-commerce entirely, protecting your data online comes with its own set of challenges, which may not always be obvious to those whose experience largely revolves around managing a retail business. Check out our suggestions to avoid any pitfalls in cybersecurity and protect your sensitive data like a pro.
Did you know that a 1% increase in your store’s conversion rate can mean a 10% increase in revenue?
Click here to discover how Dor can help you understand your foot traffic data and make more profitable business decisions.
Ready to purchase? Complete your purchase in just minutes!
How cyberattacks can be harmful to your retail business
Loss of customer trust
One of the easiest ways that hackers can harm your retailer is by accessing and stealing your customers’ personal data such as their passwords, addresses, credit card information, and more. Not only does this result in a publicity nightmare for businesses in the short term, but it may also impact customer trust and loyalty for years to come.
Lost revenue
During a cyberattack, hackers may disable your e-commerce site in several ways—either by shutting down the website entirely, preventing certain users (customers) from logging in, or introducing glitches to your site that impact the user experience and result in customers leaving your site on their own. Add to that time spent on website recovery and re-implementation of security controls, and you’re looking at a loss of revenue for the entire duration you have to deal with the cyberattack.
Loss of proprietary company info
Cybercriminals also pose a threat to your business in terms of accessing company “secrets”—this can take many different forms depending on the business in question, from recipes or formulas for market-leading products to correspondence on an upcoming merger between two companies. Ultimately, any information you don’t want released to the public can be a potential target for cybercriminals, so it’s extra important to keep that data secure.
12 pro tips to apply for your business
1. Stay on top of your domain & hosting
Your website is obviously the most important element of your retailer’s online identity, so you don’t want to risk losing it. To run a successful website, you’ll need to buy a domain (which is the URL for your website) as well as web hosting (a service that helps you build and share your website on the internet).
Popular service providers like GoDaddy and Squarespace offer both domains and web hosting, and although you may be tempted to mix and match their offers to get the best deal, it’s a good idea to stick with one service provider for both your domain and your hosting.
Not only will this make your life easier when sorting things out with customer service if and when issues arise, but it will also help you when it comes time to renew both your domain and hosting, as they’ll be done from a single account. And while we’re on the subject, be sure to stay on top of your service renewal deadlines: Whether you opt to renew your domain and hosting yearly or once every few years, make sure the credit card on file is one that still works, as the last thing you’d want is for your domain to be up for grabs, available for anyone to purchase.
2. Prioritize DNS health
For those who may be unfamiliar with the term, DNS stands for Domain Name System, which translates domain names into IP numbers, allowing visitors to access your website and do things like email your business. Regular DNS health checks are crucial for online retailers, as a compromised DNS server can both prevent customers from accessing your site and allow hackers to redirect your domains to potentially harmful websites.
Most domain and hosting providers will have internal DNS health check tools for you to use, but if none are available, or you simply want to double-check, you can also find various DNS health check tools via Google.
3. Invest in an SSL certificate
You may have noticed that most trusted e-commerce websites prominently display that they have an SSL certificate, but what is that? A Secure Sockets Layer (SSL) certificate is a digital certificate that not only authenticates your website as a legitimate e-commerce site but also encrypts information passed between the web server and the website visitor’s browser.
Having an SSL certificate is of utmost importance for online retailers who require customers to input sensitive data such as addresses or credit card info. Although some web hosting providers like Bluehost offer free SSL certificates, you can also obtain them from trusted third-party organizations called certificate authorities (CA).
4. Be vigilant about password protection
Whether you have one website admin or many, you’ll want to ensure that they change the default, system-provided password used to access your website, opting instead for a more complex password that won’t leave your website vulnerable to hackers.
In fact, password protection should be prioritized for every resource your retailer uses, from point-of-sale (POS) systems to staff scheduling resources and internal email servers, if you have them. A good rule of thumb is to have all your employees and any IT personnel change their passwords regularly, perhaps even quarterly, to protect your retailer from compromised passwords.
5. Implement multi-factor authentication
While we’re on the subject of passwords, multi-factor authentication (MFA) is another inexpensive and easy way to provide an added layer of protection for your company data. You may already be familiar with Google’s 2-Step Verification feature, which sends a passcode to your smartphone when you want to access your account.
Employing a similar MFA system across your retailer can help you protect your data by ensuring that only those who are allowed access can log into certain software programs such as POS devices or your company website.
6. Keep your systems up-to-date
Most service providers dealing with cybersecurity concerns are constantly improving security for their clients—but often the catch is that you need the most current version of these apps or software programs to benefit from these advanced security features.
When it comes to protecting your retailer from cyberattacks, it’s always a good idea to keep both your systems as up-to-date as possible. This can often be achieved easily by selecting auto-update on software such as staff scheduling programs, CMS tools, and social media accounts—although in the case of POS systems, you may also need to upgrade hardware such as credit and debit card readers from time to time.
7. Use Sender Policy Framework to prevent spoofing and phishing
We often hear the terms “spoofing” and “phishing” in relation to cybersecurity breaches, but do you know what they are? Spoofing is when someone who isn’t you communicates with your customers, pretending to be you. Phishing uses much the same technique, only with the intent of getting the customer to provide sensitive information such as passwords or other personal data.
As you can see, both of these forms of social engineering pose a threat to your retailer’s reputation, as well as to your customers’ sensitive information. To avoid such attacks, use an email authentication method called Sender Policy Framework (SPF) to prevent unauthorized persons from sending out emails using your sender address.
8. Avoid downloading untrusted apps and software
So, a fellow retailer told you about this new app that helps him with inventory management, and you’re keen to check it out—you remember the app’s name but not its logo, so you download what looks like the recommended app… Only to discover that it’s actually a malicious app, coded with the intent to help hackers steal your data.
Unfortunately, nowadays—when everyone with a smart device is able to download apps with just a few taps—this scenario isn’t uncommon at all. To protect yourself and your company against look-alike apps and malicious software, take the extra few minutes to read reviews and check out ratings for the program before downloading.
9. Restrict access to sensitive info
Not everyone across your organization needs access to every bit of data, so why should you give it to them? One of the best ways to ensure that sensitive data stays secure is to limit the number of people who can access it. For brick-and-mortar stores, keeping different data sets separate can take a variety of forms, depending on factors such as retailer size and whether there are multiple locations or just one.
One idea is to keep separate password-protected servers to store different data sets, such as one for communication purposes (like staff scheduling and company-wide emailing, which require multiple users to log in), and another one for storing sensitive customer data (which may only be accessed by one or two admins, if at all).
10. Plan for the worst
Most experts agree that it isn’t a question of if a company will experience a cybersecurity breach, but when. While you may well do everything in your power to protect your retailer’s data both online and in store, it’s still a good idea to implement a carefully thought-out strategy to deal with potential cyberattacks—one that includes both a Written Information Security Program (WISP, a document that sets forth a company’s policies and processes for data privacy and security) and an Incident Response Plan (IRP, or a step-by-step guide on what to do in the event of a data security incident). Another smart planning move would be to obtain cyber liability insurance, which provides coverage to protect your retailer from data breaches and cyberattacks.
11. Consult an expert
It’s great to have a “can-do” attitude in business, but sometimes, it helps to call an expert. Working with a professional security analyst to identify any potential cybersecurity risks ahead of time will be much more cost-effective for your business in the long run.
Depending on the size and type of retailer you operate, this can be a full-time employee or someone you consult a few times a year. Another creative solution would be to experiment with “ethical hacking,” whereby you can work with a Certified Ethical Hacker to detect any vulnerabilities in your company’s digital footprint, whether it’s your website, your email database, your POS system, or any other digital tools you use.
12. Train your employees
Last but certainly not least, remember that your retailer’s cybersecurity is largely dependent on how your employees behave. Ultimately, no matter how many security protocols you have in place, you’re only as safe as your least careful employee, so incorporate routine cybersecurity checks into your workflows, and be sure to thoroughly train any newcomers on the importance of paying attention to cybersecurity.
Implement easy-to-follow rules for your staff, such as avoiding clicking on unsafe links, not using easily guessable passwords, not repeating the same password across multiple sites or digital tools, locking up the POS system when stepping away for a break, and any other data security measures that make sense for your store.