Reg Harnish

Originally published by Total Retail

This holiday shopping season, retailers and customers alike may think they’re safe from cybercriminals because they’ve beefed up their antivirus and firewalls. After all, hardware and software is synonymous with security, isn’t it?

While it’s a small step in the right direction, when it comes to ensuring the security of your company and your customers, technology isn’t enough. The biggest victims of hacking in recent years — Target, Home Depot, eBay — all had hardware and software too, yet they still ended up in the headlines. Far too often, it’s the people and the process, not the technology which leaves retailers exposed to cybercriminals.

Eighty percent of airplane accidents are caused by pilot error; cybercrime is very similar. Every year, retailers spend billions of dollars for frontline defenses against theft and fraud, but ignore critical areas where the real risks resonate, such as employees.

While security breaches continue to flood media outlets, many businesses still aren’t taking the necessary steps to improve security. A recent surveyshows that 94 percent of consumers demand increased security, indicating cybercrime may soon become a threat to market share as well as security.

If there’s any good news this holiday season, it’s that hackers may not be as focused on stealing credit card numbers. New security features are giving consumers the edge — temporarily at least — until hackers find a way around them. Credit card balances are also usually higher during the holidays, which makes stolen cards less valuable on the black market.

However, there’s bad news too. Hackers have shifted their focus to something far more dangerous: identity theft. After all, a stolen credit card has a short shelf life. Identity theft is the gift that keeps on giving.

While retailers are getting smarter, cybercriminals are getting smarter faster. Security isn’t easy, fun or foolproof, but you can adopt some best practices to minimize the risk and limit the damage when your security is breached.

Here are a few things retailers can do now to secure their customers this holiday season:


1. Provide guest checkout. Make it as easy as possible for your customers to check out as a guest. Don’t permanently store any data that you don’t need to do business.

2. Provide customers with an easy way to report online problems. This will give them confidence in your business and can help you quickly identify a security threat before your exposure grows.

3. Brace yourself for what’s likely to be a difficult shopping season. Be prepared to respond to incidents and breaches.

4. Develop a future strategy to look at security in a new way — not as a problem you fix with one-time solutions, but a long-term battle in which you must continue to evolve to meet new threats.

There are things your customers can do to protect themselves as well, like checking their bank and credit card statements regularly and using credit cards, not debit cards.

Improving security can save consumers more than money – it can help protect them from the crippling pain of identity theft. Taking steps to protect your customers isn’t just the right thing to do, it’s a down payment on peace of mind and customer loyalty for the long term.

Reg Harnish is the CEO of GreyCastle Security, an information security consulting firm.