Data breaches have become everyday news and affect virtually every industry. In the retail sector, the theft of consumer data can seriously damage an organization’s reputation — often leading to financial loss — and the number of breaches is rising. Many labeled 2014 the “year of the retail breach,” and there was no reprieve in 2015. All retailers need to put more effort into data breach prevention in order to protect their customers and reputations. According to the Ponemon Institute, while the cost of a data breach has remained fairly stable from 2014 to 2015, costs in the retail sector rose dramatically.

According to recent research from Interactions, 45 percent of shoppers do not trust retailers to keep their information safe, and 85 percent of those who have been victims of data breaches have shared their experiences with others, primarily through online means. Almost half (48 percent) state that they have either stopped shopping at that retailer or will shop there less frequently and spend less money.

A recent survey by Intelligent Defense found that consumers want retailers to do more in the area of data breach prevention. More than a third (36 percent) want to see harsher criminal penalties imposed for data breaches, but 35 percent think retailers should be spending more on IT security, and 20 percent want more education regarding security. Just nine percent believe there should be more government regulation.

Know the Vulnerabilities

Retailers face a number of security vulnerabilities, including theft, network intrusions, disgruntled employees and attacks against POS systems. POS systems are mainly seen in the retail sector, and the 2015 Verizon Business Data Breach Investigations Report states that retail attacks involving POS systems have grown more sophisticated from 2014 onward, with attackers increasingly going after larger organizations.

The use of payment card skimmers is also prevalent in retail. Retailers that haven’t already done so should move fast to replace older payment terminals with those supporting the new EMV standard. Alternatively, they could start offering mobile payments through services such as Samsung Pay that have security built in.

Boost Security Measures

In addition to customer-facing systems, retailers should upgrade the technology on their own networks. They should ensure that all software is up to date, with the latest patches applied, and that firewalls are deployed and properly configured. Other technology measures to take include data breach prevention, network security, endpoint security tools, encryption, tokenization and strong forms of authentication.

Softer measures to take include raising security awareness through employee education, including providing information about protecting sensitive data on all types of systems and devices. If an organization has experienced a security breach, the best way to maintain customer loyalty is to provide a quick and comprehensive response, so organizations need to be prepared. Communications should be clear and honest, including information regarding extra security precautions being taken, and programs such as free credit monitoring should be offered to affected customers.

Today’s reality is that security breaches are on the rise. In the retail sector, attackers are expanding from small stores and restaurants, which had previously been their prime targets, to larger organizations, which collect more data and therefore have more to lose. No organization can afford to be complacent, and all organizations should look at their overall security posture in order to protect consumer confidence and their own reputation and business prospects.

Posts By

Fran Howarth

Fran Howarth is an industry analyst specializing in security. She has worked within the security technology sector for over 25 years as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include mobile security, cloud security, information governance and data security, identity and access management, network and endpoint security, security intelligence and analytics, and security governance and regulations. Follow Fran on Twitter: @FranNL
