Seven Security Tips to Safeguard Customers and Bottom Line This Holiday Season

Featured Article By David Kidd, Vice President of Governance, Risk and Compliance, Peak 10, Inc.

The security of personal information remains a top concern for consumers and retailers. There is good reason for that. The Target breach compromised approximately 70 million records. The Home Depot breach potentially impacted another 60 million consumers. The National Retail Federation reported in 2012 that service companies lost more than $11 billion due to credit card fraud. We can no longer deny that cybercrime is a real and growing threat to the retail sector. Consumers are becoming more sensitive to the security of their personal information, and they expect more from the business community in general and information technology professionals in particular. The heightened retail season running Black Friday to Cyber Monday offers an opportunity to gain customer loyalty and build brand value through a smooth e-commerce experience, or the potential to lose trust through security breaches. Many organizations have implemented programs to comply with the standards of their industry, but recurring incidents have proven one simple truth: compliance is does not equal security.

To help mitigate some of the risk, retailers are partnering with information technology firms and cloud service providers to take proactive measures, and establish compliant, safe and secure cloud environments to protect customer data.

More than one in five retailers (22 percent) are not compliant with the payment card industry data security standard (PCI DSS), according to a survey of 100 retail organizations with less than 1,000 employees. An additional 14 percent don’t know if they are PCI compliant. More than half (55 percent) are unaware of their state’s security breach requirements, while 40 percent lack any established policy for adhering to those requirements. Partnering with providers who already uphold a strong compliance program with careful adherence to industry standards will allow retailers to extend that protection of their customers’ critical data. This has always been and will continue to be a top priority for committed service providers, like Peak 10, who employ extraordinary security measures to protect and maintain the systems customers depend upon.

No one can possibly anticipate or track all security threats. However, partnering with a trusted service provider that offers managed network security services, businesses can protect data and protect against threats before it’s too late, protecting the customer, as well as their bottom line. As a final preparation for the onset of shopping season, be sure to follow these seven steps:

1. Firewall: This is the first line of defense. Firewalls act as an intermediary between your computer and the outside world. Check that it’s on. Different operating system versions have different procedures for enabling firewall protection. A network administrator will occasionally disable a firewall and neglect to put it back into service.

Anti-virus protection software must be updated with the latest virus definitions to be most effective. Do so with every computer in your business.

Assess the state of firewall rules. Over time redundant, conflicting and unused rules can accumulate and create havoc for effective firewall management.

2. Patch-work. Data thieves are increasingly targeting SMBs. It’s the path of least resistance compared to larger companies. Keep your operating system, security software and applications current with security updates.

3. Hidden from view. Secure and hide your WiFi network by configuring your wireless access point or router so that it doesn’t broadcast the Service Set Identifier (SSID). Require passwords for access. The administrator’s password that came with the device when you bought it? Change it.

4. What’s the password? Require employees to change passwords frequently for each program, computer and account. Passwords should be unique and strong, but easy to remember. Laptops, smart phones, tablets and flash drives that contain confidential information should be encrypted and password-secured.

5. Assume trouble. A data loss can cripple a small business. Review your data back-up strategy, the frequency with which important business data and information is copied, and where it is stored.

6. Shop securely. Remind employees to only shop with retailers they know and trust. Web browsers such as Internet Explorer and Firefox display a padlock icon to indicate that a website is secure; it also displays https:// in the address bar.

7. Be clear. If you allow it, monitor it. If you don’t allow it, block it.

Concentrated network use, e.g. Cyber Monday, can drag down performance by straining bandwidth. Monitor bandwidth and traffic, as well as user workstation activity and behavior. Communicate the rules to employees and flag abuses when they happen.

David Kidd, Peak 10’s Vice President of Governance, Risk and Compliance, has more than 20 years of management experience in information technology, security, and regulatory compliance). David oversees Peak 10’s information security and compliance programs. For more information, visit www.Peak10.com.