Digital News Asia: Cognizant’s Vice President of Consulting Outlines Eight Ways Retailers can Avoid Digital Theft

“Digital has redefined the shopping experience. But digital technology has also brought with it the risk of digital theft. Retailers need to identify this risk early on and develop an approach to manage it better,” writes Sandy Gopalan. Excerpts:

“Retail has been one of the most targeted industries for digital theft, ranging from Point-of-Sale (POS) intrusions, payment card skimmers and several other data breaches, which are becoming more sophisticated with time.

Multiple touch-points increase the risk of digital theft, which can have both financial and reputational impact. Almost 40 percent of businesses in Asia have experienced significant economic loss resulting from data security breaches in 2014.

Given that prevention is key, retailers should do everything within their power to avert sophisticated hackers from breaking into the system. With Asia Pacific’s retail market booming in view of the rise of the middle class, retailers can adhere to the following eight practices to discourage digital theft.

1. Know your vulnerabilities. Retailers can better anticipate and manage vulnerabilities with continuous and collaborative vulnerability assessments to help measure the degree of exposure.

2. Validate, validate, validate. Make sure the status of everything on every network is confirmed and that includes computers and devices that are presumed non-operational or that were never turned off or formally decommissioned.

3. Know your partner network. There are POS terminals, suppliers, administrators, HR managers and thousands of others hanging on your organization’s network from the outside. Know who they are and what their security looks like all the time.

4. Always keep an eye on the back door. One of the most common network breaches occurs with default passwords or hardware configurations, frequently at the POS terminal. To counter this, every single POS terminal must have its defaults removed. The entire supply chain has to be validated to prevent malware insertion.

5. Know your vendors. This includes not just your organization’s hardware and software suppliers, but also your organization’s lawyers and accountants, HR and recruiters, architects and engineers, consultants and third parties, cloud providers, business and technology service providers and consultants.

6. Prepare an Internet of Things (IoT) strategy. Once IoT is fully realized, there will be exponentially more data exposure, vulnerable handlers and open doors by way of all the new connected devices. A pre-emptive strategy is essential.

7. Learn to say “yes”. Prohibiting useful technology will only encourage people to move to simpler, often less-secure workarounds.

8. Make this a “chief executive” concern. Security is a CEO and board of directors’ issue. It enables and empowers every aspect of the company. With so much at stake, it deserves a seat at the big boy table—as well as a big boy budget and the ear of the CEO.

Click here to read more.