SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Keeper Security urges retailers to prep for holiday season cyber threats
Fri, 17th Nov 2023

Keeper Security, a leading provider of cybersecurity software, has issued a warning to retailers about potential cyber threats during the holiday shopping season. With an increase in customer traffic and sales volume, cybercriminals can exploit the high-stress period of Black Friday and Cyber Monday to target retailers with cyberattacks.

This is the time of the year when cybercriminals look to utilise a range of tactics to gain access to an organisation's systems and valuable data. These include phishing attacks, ransomware, malware, business email compromise and more. Preparing for and actively defending against cybersecurity threats during the holiday shopping season is essential to maintain the security of customers' data and transactions.

Keeper Security suggests several best practices to protect sensitive systems and customer data. According to Verizon's Data Breach Report, a staggering 74% of security breaches involve human errors, such as falling victim to social engineering, stolen credentials, or misplacing passwords. Cybersecurity training should be part of employee onboarding to ensure employees are aware of cybersecurity threats.

All systems and software, including Point of Sale (POS) terminals and e-commerce platforms, should be regularly updated with security patches to protect against known vulnerabilities. Installing regularly updated antivirus software can further defend against the newest threats.

To secure payment processing systems, it's vital to use trusted tools and isolate payment systems. Additionally, managing access to privileged systems like payroll and IT is essential. Employers should ensure that employees only have access to systems necessary for their jobs, and an intrusion detection and prevention system should be set up to monitor for potential threats.

Keeper Security also advises retailers to regularly back up and control access to data, as well as monitor user permissions. A critical part of this process includes reviewing existing data collection practices to ensure organisations understand what user information they are collecting. This includes getting rid of any 'dark data' the organisation is not using. If a piece of customer information is not absolutely necessary, Keeper suggests not collecting it.

Weak and compromised passwords are the largest threat to a retailer's cybersecurity. An enterprise password manager can give IT admins visibility into employee password practices, offering them the ability to enforce strong, unique passwords along with multi-factor authentication (MFA), and help prevent employees from entering their credentials on phishing sites.

Moreover, to protect the network, a strong password featuring a mix of letters, numbers and special characters is advisable. Enabling the firewall feature already available in the majority of routers is equally important. Using a Virtual Private Network (VPN) to allow remote workers to connect securely is also recommended.

Implementing these steps will enable retailers and small businesses to bolster their cybersecurity posture and offer better protection to their systems and customer data during the holiday shopping season.