More Locations, More Risks
News stories about data breaches at retail establishments appear all too frequently these days. Target captured the headlines late last year when 40 million customers had their records stolen. In 2014, Michaels, P.F. Chang’s, and now Home Depot have all made headlines after suffering massive data breaches.
Why are so many brick-and-mortar stores under constant attack when tech-based, data-heavy online retailers like Amazon seem like better targets? Online stores are not immune, far from it, but the technology used to run online stores is frequently updated to improve customer experience, close known security holes, or stay one step ahead of the competitors. At the same time, the hardware in brick-and-mortar stores is replaced and updated much less frequently, creating an environment ripe for exploitation.
Credit Card Payment Systems
Restaurants, gas stations, and retailers have all come to rely on the quick credit card swipe as a method of payment. It’s estimated that more than 66% of purchases are done with credit cards, debit cards, or gift cards. Online retailers also rely on credit card purchases, but their systems don’t require a swipe and the lack of hardware makes it more cost-effective to update the software. Conversely, older credit card scanners may sit in place without being replaced or updated for years in physical stores. Recent breaches have taught us that these systems need to be evaluated regularly to ensure that they provide appropriate security.
At Target, attackers found an entry point through an outside HVAC servicing company. Geographically diverse physical locations require facilities maintenance and management that is equally diverse, giving more people access to systems. When you operate lots of stores, top-to-bottom security assessments and mature IT governance are essential, because they allow you to review every entry point—from employee logons to price scanners—and determine where the risks are, mitigating them before criminals exploit them.
The hackers who infiltrated T.J. Maxx’s systems a few years ago, perpetrating the largest data breach ever at the time, exploited weak encryption on wireless networks in some stores. For businesses that rely on geographic distribution to attract customers, there are more opportunities for individual stores to fall through the cracks or for individual employees to facilitate a breach, accidentally or intentionally. Comprehensive risk management helps businesses develop multi-year risk plans that keep the organization focused on risk mitigation.
Protect Your Business & Your Customer Data
Businesses with numerous physical locations face many unique threats. It is possible to mitigate the risks, but doing so requires a well-established, consistently applied, up-to-date culture of risk management. There are some costs associated with implementing this, but they are significantly smaller than the costs of a large, newsworthy breach that erodes customer trust and weakens sales.