- With the increasing move to online channels, cyber security is a very real concern for retailers and begs the question: how ready are Australian retailers for potential threats
- Consumers are becoming increasingly aware of the importance of cyber security and potentially more understanding of the need for security ‘checkpoints’ during the checkout process
- Retailers are challenged with the need to address a delicate balance between internal use of cyber systems with a need for new platforms to enhance customer engagement
Recently retail industry leaders gathered to hear insights from US based Best Buy executives John Valente (VP & CISO, Enterprise Information Protection & Corporate Systems) and Kia Hakimi (Director, Forensics Investigation & Incident Response).
Led by Steve Ingram, PwC’s National Cyber Leader, the group discussed the evolving cyber security landscape in the retail and consumer space. As more customer information is being captured and cyber crime is becoming ever more sophisticated and disruptive, are retailers prepared for these potential threats?
The balancing act: Cyber security and customer service
The issue for retailers lies in balancing internal IT systems that store confidential data and customer information, with the need for their online environment to be a customer service enabler; for example, offering free WiFi in-store. A retailer’s internal data world must never meet that of the customer and would put them at risk of compromising data security and reputation.
Additionally arming a business against cyber security could mean some extra steps in the sales process, which may affect the retail experience. Shopping cart abandonment (where customers abandon a purchase just before checkout) is already a challenge for retailers and added security measures may be a further impediment to the online sales process.
According to Valente, consumers are becoming more aware of the need for security ‘checkpoints’ during the checkout process, which would hopefully translate to them being understanding of security-related delays during the purchase process. However even with awareness and education, the reality of limited purchasing time doesn’t necessarily allow for forgiveness.
Consumers are starting to realise the importance of cyber security, and while they might make allowances for certain delays in the checkout process, the reality of time constraints and interruptions may mean retailers have to look at ways they can make data security measures as non-invasive as possible.
Staffing for security
Other specific cyber security challenges can arise from increasingly popular bring your own device (BYOD) initiatives, mobile POS devices, along with store associates unknowingly leaking sensitive product information and staff turnover.
Think about what happens when a staff member innocently takes a picture of a screen containing sensitive data and distributes it via their (multiple) social networks?
Most retailers would also agree that when staff members leave, it’s better for them to be brand advocates, however this is not always the case. In the US, where the turnover rate for store associates (or floor staff) hovers at around 65%, the sharing of data becomes an issue with potential for breaches. With the Australian retail industry responsible for 1.2 million jobs nationally and given the steady movement of employees between businesses, it becomes imperative for retailers to think about security best practice.
A key takeaway from the event was for retailers to think about what procedures they have in place at a store level to deal with these types of breaches and for them to gain an understanding of the (minor or major) impact that this would have on their business.
Understanding how to protect
The old adage of ‘getting the house in order’ in the rapidly changing digital economy is most definitely applicable to having robust cyber security processes and procedures.
In order to gain a true understanding of how to protect from threats, for retailers the first step is in understanding where their data actually resides before putting themselves in the shoes of adversaries. Investing in platforms then not using them is another practice retailers should avoid, given this heightens the risk of losing control of data which might be vulnerable to a security breach.
With security and protection equally important to consumers and businesses, what is clear is that there is a need for greater education, awareness, understanding and collaboration on all fronts.