Hardware Retailing

SEP 2016

Hardware Retailing magazine is the pre-eminent how-to management magazine for small business owners and managers in the home improvement retailing industry.

Issue link: http://www.hardwareretailingarchive.com/i/717393


Hardware Retailing: Is cybercrime always a constant threat to businesses?

Tom Litchford: I think as long as you have an internet connection, these guys are going to be looking to get in. I think all businesses are being targeted.

HR: What information should retailers carefully guard against data theft?

Litchford: I think when you look at the retail industry right now, the primary data that the bad actors (cybercriminals) want is your credit card data, because they can take that data and easily monetize it in terms of selling those numbers, creating counterfeit credit cards, using them to buy merchandise. In retail right now, the big target is point-of-sale systems. I will say, too, the other thing I would be extremely careful with is something called Locky ransomware. What these guys are doing now is embedding their malware in Microsoft Office documents such as Word documents and sending you what we call a phishing email. They get you to bite on this phishing email. You open the Word document, and then next thing you know, you have Locky ransomware, which then basically encrypts all of your system, even network attachments that it can find, and then asks you to pay for them to give you the unlock key.

Donna Embry: Protecting sensitive credit card or debit card data is paramount. If a retailer is doing e-commerce, it's critical to install firewalls and anti-virus software to protect from hacking or skimming the payment information. In addition to payment card data, any personal data such as social security numbers, passwords or even employment history is vulnerable to use in identity theft schemes. It is important to review website addresses to ensure that false links have not been inserted, so that customers go to the real website and not a pseudo-site. If the retailer uses cellphones for mobile payment, protecting that information is equally important. There are also the back office vulnerabilities that sometimes get overlooked because of the focus on POS or payment data. If a retailer has a personal computer in the back office that's used for email, financial data or personal information, you'll want to make sure that it is properly protected.

Donald Smith: POS systems are a main concern, and with migration to mobile payments, customer communications and facility access managed via mobile device, small business owners should think of systems and multiple access points when considering cyber security. Many initial hack attempts are still delivered via simple attempts like phishing scams, instant messaging, phony websites and the like.

HR: Why would a hacker or other data thieves target small businesses?

Embry: The hacker may feel that smaller businesses aren't on the radar. If a data thief can go to an area and find 10 small businesses that are easy targets under the radar and aren't paying attention, he or she may choose to hit several small businesses instead of one big company. If a criminal is putting a skimmer on a machine, they're doing so because they feel that they can get away with it. Additionally, the press picks up on larger hacks based on the size and scope of the compromise, which leads to increased measures of implemented security features. It really depends on what the criminal is looking for. If they see a way through your business to get to a larger entity such as a processor, they may target you. These crooks are very smart; they do their homework.

Litchford: Large retailers are encrypting data now from the time a card's swiped to the time it gets to their processor for approval. So the [criminals] can steal that data all they want, but if it's encrypted, they won't be able to use it. The other half of that is something called tokenization. Once the processor has the data for approval, they send it back to the retailer in something we call tokenized form so that 16-digit credit card

"A cybercrime can compromise business continuity, customer trust and financial resources—all impacting a business' current operations and the future viability of the business."
—Donald Smith, U.S. Small Business Administration
