5 Tips for Retailers to Prevent Holiday Season Cyber Attacks

The 2021 holiday shopping season is upon us, and the National Retail Federation (NRF) expects sales to rise by 8.5% to 10.5%, an all-time high. However, retailers are also facing serious challenges, including labor shortages, global supply chain disruptions, and cybersecurity concerns. In a recent survey by the NRF, 76% of retail loss prevention professionals stated that cybersecurity-related incidents have become a higher priority at their companies over the past five years.

With consumers embracing omnichannel shopping experiences, including home delivery, curbside pickup, and buy online, pick up in store, the line between “in-store” and “ecommerce” sales has been blurred, and retailers are facing different cyber threats than they did in the past. In addition to attacks against point-of-sale systems and customer databases, retailers face distributed denial of service (DDoS) attacks, credential-stuffing and other malicious bots, ransomware, rewards program attacks, and supply chain cyber attacks.

How Retailers Can Secure their Stores Against Cyber Attacks

Keep your holiday selling season merry and bright with these security tips:

1. Make sure all of your websites and mobile apps have dedicated protection against malicious bots and DDoS attacks.
2. Apply all software and firmware updates as soon as possible after they are released. These updates frequently contain important security patches.
3. To prevent supply chain attacks, establish clear and comprehensive security requirements for your IT service vendors. Consider requiring that they hold an SOC 2 Type 2, ISO 27001, or similar security certification.
4. Train all of your employees on cybersecurity best practices, including front-line cashiers and salespeople. They, too, have to log into your network to do their jobs! All employees need to be educated on basic cyber safety.
5. Implement a zero-trust security architecture and comprehensive password security controls, including the use of strong, unique passwords for every account, Multi-Factor Authentication (MFA) on all accounts that support it, Role-Based Access Control (RBAC) and least-privilege access, and an enterprise password management (EPM) system like Keeper.

Over 80% of successful data breaches, and nearly 75% of ransomware attacks, are due to compromised passwords. Keeper’s zero-knowledge, enterprise-grade password security and encryption platform gives IT administrators complete visibility into employee password practices, enabling them to monitor adoption of password requirements and enforce password security policies organization-wide. Keeper takes only minutes to deploy, requires minimal ongoing management, and scales to meet the needs of any size organization.

Not a Keeper customer yet? Sign up for a 14-day free trial now! Want to find out more about how Keeper can help your organization prevent security breaches? Reach out to our team today.