Black Friday-Cyber Monday: protecting the online shopping experience

28 November, 2019

The recent PwC Black Friday survey identified that 62% of purchases made by Irish consumers over the Black Friday-Cyber Monday weekend will be conducted online with 38% spent in-store.

This trend towards online shopping has led retailers to augment their physical stores with online experiences. However, there are often challenges when implementing effective cybersecurity measures to secure their consumers' data.

The security challenge

With the proliferation of electronic devices, to the point where there are more devices than people, and with cybercriminals becoming more innovative in their tactics, there has never been a more challenging time to operate and manage an effective cybersecurity program. With this in mind, we have developed some practical first steps any retailer can take on their journey to mitigating their cyber risk and protecting their consumers' data.

10 steps to cybersecurity

By building an end-to-end understanding of cyber risks and threats, and aligning these to business objectives, retailers are able to take the appropriate measures to protect their digital assets and maximise the opportunities that are available online. In our experience, retailers should begin by focussing on these 10 steps to protect their digital assets.

1. Education and awareness

Your staff are your first line of defence. All staff should be educated in security procedures and made aware of cyberthreats.

2. Cyber risk management

Cyber risk assessments are carried out to identify, analyse and evaluate cyber risk. Ruthless prioritisation is key for any program, and risk assessments should be used to guide your investment of resources. Risk management programs prioritise potential risks based on likelihood and impact, leading to a plan to minimise, monitor and control risk. Risk management can and should be carried out by retailers of all sizes. Directing the area of focus can often reduce the cybersecurity spend.

3. Network security and segregation

Connecting to the Internet puts your network at risk. Defend your network perimeter, filter out unauthorised access and malicious content and, most importantly, test your security controls.

4. Security misconfiguration

Security misconfigurations are one of the most common gaps that hackers look to exploit. To safeguard your programme from attack, security measures should be implemented when building and adding network devices.

5. Monitoring

Monitoring your network is key to detecting and responding to attacks. Effective monitoring is fundamental to building a basic level of cyber resilience.

6. User privileges and access management

All users, including administrators, should use multi-factor authentication when using cloud and Internet-connected services. This is particularly important when authenticating to services that hold sensitive or private data. Access to sensitive information and permissions should be kept to a 'need to know' basis.

7. Incident management and response

In the era of GDPR, the need to be able to respond quickly and effectively to a data breach has never been greater. Incident response plans should be developed and rehearsed regularly.

8. Malware prevention

Anti-malware policies are a must to reduce the risk of malware gaining access to your system during information exchanges.

9. Removable media controls

Removable devices are a vulnerability for many small and medium enterprises, and access to them needs to be controlled and monitored.

10. Mobile working

Mobile working exposes systems to new risks. Mobile working policies need to be developed and staff should be trained accordingly.

You cannot eliminate cyber risk, but we believe that through prioritisation an effective cybersecurity program is within reach for every retailer, ensuring they are able to prepare for, withstand, recover from and learn from malicious attacks and security events online.

Gaining a trusted and reputational edge

Companies that actively lead on cybersecurity and protect their consumers' data are creating a trusted and reputational edge for their brand.

PwC Cybersecurity, Privacy and Forensics help retailers of all sizes protect themselves and their customers against cybersecurity threats. Please connect with your PwC contact should you have any questions about any of the matters raised in this article.

Contact us

Pat Moran

Partner, PwC Ireland (Republic of)

Tel: +353 1 792 5308

Will O'Brien

Director, PwC Ireland (Republic of)

Tel: +353 1 792 8988
