The recent PwC Black Friday survey identified that 62% of purchases made by Irish consumers over the Black Friday-Cyber Monday weekend would be conducted online, with the remaining 38% spent in-store.
This trend towards online shopping has led retailers to augment their physical stores with online experiences; however, they often face challenges in implementing effective cybersecurity measures to secure their consumers' data.
With the proliferation of electronic devices, which now outnumber people, and with cybercriminals becoming ever more innovative in their tactics, there has never been a more challenging time to operate and manage an effective cybersecurity programme. It is with this in mind that we have developed some practical first steps any retailer can take on their journey to mitigating their cyber risk and protecting their consumers' data.
By building an end-to-end understanding of cyber risks and threats, and aligning these to business objectives, retailers are able to take the appropriate measures to protect their digital assets and maximise the opportunities that are available online. In our experience, retailers should begin by focussing on these 10 steps to protect their digital assets.
Your staff are your first line of defence. All staff should be educated in security procedures and made aware of current cyber threats.
Cyber risk assessments are carried out to identify, analyse and evaluate cyber risk. Ruthless prioritisation is key for any programme, and risk assessments should be used to guide your investment of resources. Risk management programmes prioritise potential risks based on likelihood and impact, leading to a plan to minimise, monitor and control risk. Risk management can and should be carried out by retailers of all sizes. Directing the area of focus in this way can often reduce the overall cybersecurity spend.
Connecting to the Internet puts your network at risk. Defend your network perimeter, filter out unauthorised access and malicious content and most importantly test your security controls.
Security misconfigurations are one of the most common gaps that hackers look to exploit. To safeguard your programme from attack, security measures should be implemented when building and adding network devices, rather than retrofitted afterwards.
Monitoring your network is key to detecting and responding to attacks. Effective monitoring is fundamental to building a basic level of cyber resilience.
All users, including administrators, should use multi-factor authentication when using cloud and Internet-connected services. This is particularly important when authenticating to services that hold sensitive or private data. Access to sensitive information and permissions should be kept to a 'need to know' basis.
In the era of GDPR, the need to be able to respond quickly and effectively to a data breach has never been greater. Incident response plans should be developed and rehearsed regularly.
Anti-malware policies are a must to reduce the risk of malware gaining access to your system during information exchanges.
Removable devices are a vulnerability for many small and medium enterprises, so access to them needs to be controlled and monitored.
Mobile working exposes systems to new risks. Mobile working policies need to be developed, and staff should be trained accordingly.
You cannot eliminate cyber risk, but we believe that through prioritisation an effective cybersecurity programme is within reach for every retailer, ensuring they are able to prepare for, withstand, recover from and learn from malicious attacks and security events online.
Companies that actively lead on cybersecurity and protect their consumers' data are building a trusted brand and a reputational edge over their competitors.
PwC Cybersecurity, Privacy and Forensics help retailers of all sizes protect themselves and their customers against cybersecurity threats. Please connect with your PwC contact should you have any questions about any of the matters raised in this article.