As retailers of all sizes and varieties gear-up for the holiday shopping season which is revving up and will be in full swing by Thanksgiving weekend, Verizon Enterprise Solutions is offering security tips that should be at the top of every retailer's holiday checklist.
"We know from Verizon's ‘Data Breach Investigations Report' that retailers were among the most vulnerable to cybercrime and theft," said Phil Burroughs, vice president of Retail and Hospitality for Verizon Enterprise Solutions. "The key for the retail industry, however, is to bear in mind that the face of cybercrime isn't limited to bad actors and ‘grinches' on the outside, and more often actually occurs from innocent mistakes and lack of oversight on the inside."
"Taking stock of any vulnerabilities and putting some simple security protocols in place will help retailers protect their customers, assets and brand."
- Maintain current compliance with the Payment Card Industry Data Security Standard (PCI-DSS). Compliance with PCI-DSS requires continuous adherence. This means a daily log review, weekly file-integrity monitoring, quarterly vulnerability scanning and annual penetration testing. To maintain continued compliance, Verizon recommends designating an internal PCI "champion" so that compliance becomes part of daily business activities during the holidays -- and every day.
- Self-validate very carefully – or entrust it to a credible expert. Top-tier merchants – which process the highest volumes of cardholder transactions – are allowed to assess themselves against the PCI Standards. But due to the numerous issues and conflicts of interest this can cause, Verizon recommends that an objective and credible third party validate the scope of the assessment or perform the testing.
- Get Ready for PCI-DSS 3.0. While 2014 is being treated as a transition year for implementing the PCI Security Standards Council's recently released new set of guidelines, securing a retailer's perimeter cannot always wait for compliance deadlines.
- Only use third-party security vendors who are credible experts. Verizon's ‘Data Breach Investigations Report' analysis revealed that small businesses and franchises of large chains were most vulnerable to cybercrime. If a third-party vendor manages a retailer's Point of Sale (POS) systems, the retailer should ask the vendor to confirm that PCI compliance measures are in place.
- Educate employees so that they can recognize security breaches and help keep security measures active. In addition to designating an internal PCI "champion" to ensure that the PCI security standards are being adhered to, employee education is critical for recognizing telltale signs of a breach and to understanding that prevention measures are working.
- In the era of omni-channel retailing, ensure that online and mobility channels are secure. Protect public-facing Web assets, which are great for attracting customers, but also magnets for cyber thieves. Protect in-store mobile assets through mobile-device management that can authorize approved employee access to corporate information, encrypt data, protect against viruses, and remotely lock and wipe devices of critical corporate information.
- Frequently change administrative passwords on all Point of Sale systems. Hackers constantly scan the Internet for guessable passwords, so avoid using POS systems to browse the Internet.
- Implement a firewall or access control list on remote access and administration services. If hackers can't reach a retailer's system, they can't easily steal from it.
Click here for more information on Verizon's security solutions.