Essential Cybersecurity Strategies For Brick-And-Mortar Retailers

One cybercrime report was made every six minutes in Australia in 2023, with the average cost of a single cybersecurity breach now at $46,000 for small businesses, the most recent ASD Cyber Threat Report reveals.

Although e-commerce websites are prime targets for cyberattacks, brick-and-mortar stores face similar risks — for example, in 2019, supermarket chain Hy-Vee was hit by a point-of-sale (POS) security breach that revealed the details of 5.3 million cardholder accounts. As a retailer, it’s essential to integrate cyber and brick-and-mortar security strategies to prevent cyberattacks and protect customers’ sensitive data, so your small business continues to run smoothly.

Protect against POS malware

Cybercriminals use POS malware to steal customer data, including payment card information, and this is often made possible by a combination of outdated systems and poor security practices. You therefore need to regularly update your POS system with the latest patches to protect against vulnerabilities.

Payment card details should also be encrypted, so they’re readable only to authorised parties. Fortunately, most systems automatically encrypt this information throughout the entire process, so check that it’s a feature of the system you use. It’s also important to teach staff not to install applications like web browsers or games on the network. This prevents malware files from getting onto the payment system.

Educate employees

Employee education is another huge element within cybersecurity, so teach security best practices during the on-boarding process, as well as across regular update sessions. Your employees can’t do their part to maintain security if they’re not taught how to do so, after all. Ideally, these sessions should be short (around 10-15 minutes).

Concise, focused sessions on topics like how to recognise and report phishing emails, malware, and ransomware will keep employees engaged and more likely to remember the information.

It’s just as important to educate employees on on-premises security measures. Retail theft is unfortunately on the rise in Australia — for example, Western Australia recorded 7,733 shoplifting incidents between July and September 2023, up from 5,421 during the same period in 2022. So, employees should be trained to lock delivery entrances, exits, and storage areas.

In fact, it’s also useful to upgrade to security doors, which deter criminals and make it harder to break into the property as they’re immovable and impenetrable. When it comes to security doors, Perth excels, with local manufacturers that use ultra-strong stainless steel mesh, which keeps intruders out without sacrificing outside views and airflow.

This means businesses continue to look warm and inviting to customers, while they also benefit from a valuable extra level of security.

Improve email security

Almost 75% of Australian businesses experienced at least one successful email attack in the last year. As business emails often contain private/sensitive data, a solid archival and retention policy is essential to strengthen data protection — and that goes for all businesses, online, brick-and-mortar, or a mix of both. This policy outlines how long you store all email communications before they’re permanently deleted from your system, which therefore minimises the impact of potential breaches.

At a minimum, your policy should comply with relevant industry regulations. Depending on the nature of your business, you’ll be subject to certain privacy regulations that determine how long you store emails. Failure to comply can result in fines.

It’s also useful to segment your emails into categories with different retention periods. This means your entire email database won’t have to follow the maximum email retention period. So, for example, keep general customer emails for three years, sales records for five years, and invoices for seven years.

A well-planned combination of cyber and bricks-and-mortar security is essential to protect your business on all fronts. POS and email security combined with employee education are key ways to protect customer data and keep your business safe.
