OREANDA-NEWS. October 01, 2015. “According to the Australian Retailers Association, retail theft forms part of the largest crime category in Australia, costing the retail sector more than $7.5 billion each year,” writes Alan Fanarof. “Retailers make a particularly attractive target for hackers, thieves and even nation states.” Excerpts:

“The best way to respond to a data breach is not to have one. That means doing everything possible to prevent sophisticated (and not so sophisticated) hackers from breaking and entering.

Every organization has actual and potential vulnerabilities. While retailers will never know them all, they can anticipate and manage them better with continuous and collaborative vulnerability assessments to help measure exposure.

Never assume that something has been done or been fixed. Demand proof. Make sure to confirm the status of everything on every network. Far too often, hardware isn’t updated with the latest security measures because nobody believed the devices were part of the network. So validate all assumptions.

Each retailer will know its own network, but that network isn’t the only thing on a retailer’s network. There are point-of-sale terminals, suppliers, administrators, HR managers and thousands of others hanging on to the network from the outside. Know who they are and what their security looks like. It is not enough to have a contract requiring partners to secure things on their end; the security of all partners must be tested too.

Every single POS terminal must have its defaults removed, and this must be checked frequently. The same is true for every wireless router and connection. The retailer must validate its entire supply chain to prevent malware insertion—and insist that all its vendors do the same.

Know your vendors. This includes not just hardware and software suppliers, but also lawyers and accountants, HR and recruiters, architects and engineers, consultants and third parties, cloud providers, business and technology service providers and consultants. Make sure they are trained and agree to your policies and data procedures. Then work up their supply chains.

Once the Internet of Things (IoT) is fully realized, there will be exponentially more data exposure, vulnerable handlers and open doors—billions of them—by way of all the new connected devices. Develop a strategy that makes these IP-aware and addressable devices work for you, instead of against you.

When confronted with new technology and its associated liability, too many companies are too quick to say “No”. If a retailer prohibits useful technology, its people will just move to simpler, often less-secure workarounds. So at least say “Maybe”, although “Yes” is better. Then secure whatever is deemed useful.

Preventing data theft is a company-wide concern, fundamental to the very core of retail. Security is not something to simply bolt on; it is integral to every single business decision. Thus, security is a CEO and board of directors’ issue.”