How to Protect Your Store from Cybercrime

Retail is the sector most at risk of data theft, especially with the rise in e-commerce. Itay Hendel, CEO of ISPS Security, offers some advice for keeping your business safe.
May 11, 2020 9:10 AM   By Leah Meirovich


RAPAPORT... First place is usually something to strive for, but being the number-one target for cyberattacks that steal customer data is not a distinction retailers want. As jewelers move increasingly toward online offerings, their private information becomes less secure, while hackers become more sophisticated in their retrieval methods. The retail sector had a higher number of data breaches than any other industry in 2018, accounting for 18% of all incidents worldwide, according to a 2019 report from security firm Trustwave.

Cybercriminals have a variety of methods for exploiting retailers’ vulnerabilities. Sometimes a bug in a business’s data-storage system lets hackers break in directly to retrieve unprotected information. There’s also phishing, in which staff members receive legitimate-looking messages with links or attachments that trick them into providing private details. Knowing customers often use the same login and password for multiple sites, cybercriminals can utilize another method called “credential stuffing,” in which they get clients’ personal information from one vendor and use it to make automated login attempts on other sites. In fact, a 2018 report by cybersecurity firm Shape Security found that credential stuffing accounted for more than 90% of e-commerce sites’ global login traffic.

The best way for stores to protect themselves and their clients is to be aware of where their vulnerabilities lie, and implement steps to strengthen their security, according to Itay Hendel, CEO of ISPS Security. Hendel, whose company serves the diamond and jewelry industry, offers some tips for preventing attacks.

What is the number-one cybersecurity threat retailers face?

Identity theft using phishing is the biggest threat. Other top threats are fraudsters setting up fake accounts that mimic those of a company’s suppliers, and then asking for payment to that account, as well as hackers taking over and abusing a store’s mailing system to obtain private information from its customers.

What are attackers primarily looking for?

The attackers’ main target is stealing money and valuables, and they will try and reach their target in any way possible, such as by taking credit card details, bank account information and personal details, whatever they can get.

How and where do they typically find vulnerabilities?

Generally, the most vulnerabilities are found in a store’s staff. Attackers often manipulate staff into sending them merchandise by using fake email accounts.

What are some of the common mistakes retailers make when it comes to cybersecurity, and how can they remedy them?

The most common mistake retailers make is immediately opening files when they get an email, or clicking on links and filling out their details. The problem is, they are naïve and unaware of the dangers in doing this. What they need to do is avoid clicking on links and opening files in suspicious emails. Of course, filling in personal information must be avoided, even if the email seems to be from the bank or a big company. It’s always best to check and verify with the sender over the phone before clicking anything.

What things do retailers most commonly miss or take for granted?

They don’t make sure that their computer systems are properly updated and secured as required. It’s recommended to check this at least every six months.

Do technological advancements and doing business by e-commerce increase the threat of cybersecurity breaches?

Yes and no. It’s obvious that the more we use technology, the greater the chances of our important information being harmed. On the other hand, there’s no way to avoid progress.... Technology should serve us, but sometimes users make critical mistakes that turn them into easy prey. Naturally, the more one is active online, the more they are exposed to attacks using the web. However, the solution isn’t avoiding online activity, but being active in a safe and proper way.

Are retailers at higher risk when attending shows?

Participation in exhibitions doesn’t necessarily increase the risk of being exposed to cyberattacks. Retailers must simply be careful what information they share, and whom they share it with, and make sure they have the proper security measures in place.

What are the worst cyberattack cases you’ve seen?

One example is a large store that received an email from one of its private clients who purchases quite a bit. He said he was on vacation but would like a shipment of specific watches. The staff corresponded with the client, who even sent “proof” that the money had been transferred. Of course, it wasn’t the client who contacted the store, but hackers that took over the store’s server and blocked and diverted the store’s email exchange.

Another example is a store chain that was cyberattacked, giving hackers access to all its correspondence. A large number of the internal emails were regarding a conference the owners and management were going to attend. The hackers, using professional manipulation, called one of the employees in one of the stores during the owner’s flight. Pretending to be the owner, the hackers ordered the merchandise to be collected via a courier who would come and pick it up. The employee, who was nervous when speaking to the owner, packed up most of the merchandise in the store and handed it over to the fake courier.

Do you have any other tips to help retailers protect themselves?

There are basic prevention steps, such as having the quality of your computer network defenses surveyed, installing new and effective defense measures, implementing a comprehensive and clear set of procedures for all employees, raising staff awareness of the ways hackers and fraudsters operate, and removing the usernames of former employees from all systems.

This article was first published in the April issue of Rapaport Magazine.
