Last week, The National Cyber Security Centre (NCSC) released information on best practice guidelines developed in conjunction with the British Retail Consortium (BRC). The NCSC is tasked with protecting not only business but also private individuals from cybercrime. Retail is one area where business and private individuals are closely connected. In an increasingly digitalised environment, retailers both small and large are not only dependent on online channels for profitability and business growth but also SaaS and digital tools to run their businesses.
Where the digital environment offers many opportunities, vulnerabilities also increase. Not simply because it is online but also the number of access points that many businesses have. This includes multiple apps and systems with multiple users and passwords, online sales apps not properly secured, CRMs that are not secure, point-of-sale, lax data management are just a few to name.
Customer confidence is now closely tied to how their data is managed and a breach can result in a high turnover of clients. Big businesses like TalkTalk will struggle with this but SMEs might find this is a position they cannot recover from.
It doesn’t take much for a breach to happen. Whilst I’m loathe to cite TalkTalk again (they are ever-present in blogs and cyber presentations!) if a teenager in their bedroom can hack a blue-chip business, what could they do to you? Many security breaches are the result of the simplest vulnerabilities like cross-site scripting.
So, for SME retailers, what can you do? Perhaps you feel you have limited time and resource to build a fortress against the cyber criminals, understandable. However there are ways to simplify your systems to reduce access and increase resilience and rigor in your processes.
From a retail-specific perspective, the BRC has released a toolkit designed for all types and sizes of retailers. This can be found here.
There are also practical approaches you can take as a small business. If you are juggling multiple systems and apps, chances are, you are increasing your vulnerability and spreadsheets are not secure either! All a hacker needs to do is to gain access to one and then, in a world where most employees use the same or similar passwords across all tools at work and at home, suddenly they have proliferated across your system and stolen your data, or worse, access your purchase order and invoicing systems and start paying themselves (not uncommon!). And, then there is compliance with those GDPR requirements…
Then, quite rightly, you need to look at your systems and processes. Business software like Workhorse provide a secure, end-to-end business management system with one dashboard for your whole business but at a manageable cost. The benefit: data in one place, higher security (as an Amazon Technical Partner security is key) and a faster, more efficient way to run your business. What’s more, they have systems designed specifically for retail in mind, such as their order management and inventory system.
Source: https://www.ncsc.gov.uk