Retailers Beware and Be Smart: Take Measures to Help Protect Against Cybercrime and Minimize Your Exposure

Many retailers around the country have been feeling a little uneasy after the FBI released a report entitled, “Recent Cyber Intrusion Events Directed Toward Retail Firms,” warning everyone that cyber-attacks similar to the one suffered by retail giant Target are likely to become more prevalent. With over 20 major retailer attacks in 2013, it is even more important for retailers to increase their diligence and vigilance over their devices and servers as hackers and diabolical tech geeks are becoming more sophisticated and skilled at getting what they want. While retail has not been hit as often or as hard as banks, the recent successes will spur more hackers to attack “softer targets” like retailers, since it has been proven that retail can be lucrative.

Between November 27th and December 15th, 2013, Target fell victim to a sophisticated hack that compromised the data of tens of millions of customers. The attack used “memory parsing” software that reads point of sale (POS) transaction data as it comes off the card and is temporarily stored in RAM, prior to its encryption and forwarding for processing. Target’s intrusion went on for about 19 days before it was noticed, and overall it compromised 40 million credit cards and over 70 million personal details of customers. Similarly, Neiman Marcus had 1.1 million credit cards compromised by the same type of malware.

Small-to-medium size businesses should heed the important advice the FBI offers with regard to protecting the computers they use in their back offices. The following points are shared via their website:

Keep Your Firewall Turned On: A firewall helps protect your computer and devices from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some For multiple networked computers, hardware routers typically provide firewall protection.

Install or Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users’ knowledge. Most types of antivirus software can be set up to update automatically.

Install or Update Your Antispyware Technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It’s like buying groceries—shop where you trust.

Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.

Be Careful What You Download: Carelessly downloading email attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don’t know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.

Turn Off Your Computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection—be it spyware or a botnet that employs your computer’s resources to reach out to other unwitting users.

For more information on Internet schemes and how to protect yourself online, see the following areas:

  • FBI Cyber Crimes Stories
  • New E-Scams and Warnings
  • Botnets and Hackers and Spam (Oh My!)
  • FBI Cyber Investigations
  • File an Internet Crime Complaint

Heeding the following recommendations may also help in keeping your retail business more secure from cybercrime:

Be careful to whom and where you outsource tech support, with special attention to countries where U.S. laws and requirements cannot be readily enforced. When in doubt, choose to remain onshore instead of offshoring your key IT functions.

Be mindful that the software update push you receive is from a valid, trusted source. Without validation, you can inadvertently corrupt your business’ entire IT security process. Be diligent in checking source code and new security patches before loading to all POS devices.

You may also want to consider cyber-insurance to protect against financial losses due to a breach. While Target and other large retailers have insurance to cover credit monitoring and other related expenses, many small-to-medium sized retailers do not have adequate coverage. Check with your current insurance carrier to ensure you have some level of coverage for cybercrime. If not, there are several great companies that offer coverage which can be scaled to your needs.

If you are hacked, report the cyber-intrusion to the FBI Cyber-Security Office ASAP, via their reporting address:
https://www.ic3.gov/default.aspx

If you have any questions or concerns regarding this article, please contact:
Glenn Bellomy, CPA, Partner, Practice Leader
Consumer Product Services and Entertainment Services
732.842.3113