A security expert says no merchants are immune from the threat.
Size doesn’t matter when it comes to the threats posed by criminals seeking to steal consumers’ identity and financial data from retailers—especially during the hectic holiday season, says Jeff Schmidt, founder and advisor of JAS Global Advisors.
“The vast majority of security issues arise because criminals are looking for low-hanging fruit,” he says. “Criminals aren’t looking for a challenge.”
But small retailers and other small business owners don’t always believe they are under threat. A recent survey found that nearly 50% of small retailers and other small business owners believe it’s not worth the cost and time to fully secure their businesses against fraud threats. And 85% of respondents said they believe they are less of a target than large companies and 54% said they are more prepared to secure sensitive customer and corporate data than larger businesses.
That mindset can lead small retailers to fail to adequately secure data, such as consumers’ names addresses and shopping data. “Anything that is personally identifiable has to be protected,” he says.
That’s because criminals aren’t only looking for financial data. They’re interested in a range of information, such as birth dates, e-mail addresses and shipping addresses. “Retailers have to take a step back and look holistically at what might be interesting and valuable to an attacker,” says Schmidt. “Then they have to make sure that that data is secure.”
They don’t just have to protect that data from outside criminals, they also have to monitor their internal staff that can access that data, he says. “The insider threat is real, particularly around the holidays when someone might be short on cash and everyone is distracted with the rush of business,” he says.
To avoid those issues retailers need to regularly monitor and log who is accessing the retailer’s data and when.
Another potential problem can arise from small retailers that store data on laptops or even thumb drives that aren’t encrypted. Those devices can easily be lost or stolen, making them a serious risk, he says.
That’s why all retailers have to encrypt that data, which can be done for free using tools found on the most recent versions of Windows or or the Mac operating system. A range of vendors also sell encryption tools that make the process extremely simple, he says.