Retail Cybersecurity: Protecting Your Customers Information
Together, these data points help retailers figure out what, exactly, their customers are doing. Using data analytics and business intelligence tools, organizations can pinpoint areas of growth and evolution for the business. However, the data that matters most may differ based on the type of retail business.
“There is no one data collection type that will serve all purposes,” says Patty Altman, executive vice president of analytics for NPD Group, a market research firm. “What’s most important is understanding the critical questions being asked and holistically combining the right data sources to provide fact-based answers and solutions.”
Top 2021 Data Breaches in Retail
Data breaches have been on the rise in 2021, in part because of a growing number of phishing and ransomware attacks. The nonprofit Identity Theft Resource Center found that there were 846 breaches in the U.S. in the first half of 2021, compromising the identities of nearly 53 million people. That’s about 76 percent of the total breaches faced for the entire year of 2020
Among the largest retail breaches in 2021 were attacks involving a mobile service provider, an auto manufacturer and a fashion retailer. Perhaps the most high-profile breach, a DarkSide ransomware attack that created gasoline shortages around the country, provided a prominent example of supply-chain disruption.
Supply chain attacks have become a major challenge for NRF’s members, Beckner says. “The major trend over the past year, in addition to all these ransomware attacks, is the number of supply chain breaches. It’s not really you being breached, it’s the third-party software service or application that you’re using,” he says.
MORE FROM BIZTECH: Explore the different kinds of customer data that can benefit retailers.
Every industry has issues like these with security, Beckner adds, but customer data breaches have a higher profile because of the direct impact to consumers.
“The consequences of that, in a lot of cases, are greater than for other types of incidents,” he says, and could entail reporting to the state attorney general as well as legal liabilities.
Data Security vs. Data Privacy: What’s the Difference?
Along with securing customer data, retailers also have to be mindful of how they use it.
This is an important distinction: While both efforts involve trust, data security represents an expectation that the organization will protect data from theft to the best of its ability. Data privacy, on the other hand, represents an expectation that the organization will use the data in a way that protects the privacy of the individual — not sharing it with others, for example, or getting rid of it after a specified amount of time.
Regulatory concerns have made purging data top of mind for many businesses, including retailers. Rob Hill, president of retail for the NPD Group, emphasizes that it is important to have someone in charge of compliance with regulatory mandates such as Europe’s General Data Protection Regulation and the California Consumer Privacy Act.
“If a retailer is collecting data itself, it is important to have an expert in house who knows the regulations and best practices as they relate to data collection,” Hill says. “This is a quickly evolving area, and the integrity of the data must always be the priority.”
Regulatory compliance is never easy, so working with an outside team might keep your organization on the right path.
Gloss