Why Retail Stores Are More Vulnerable Than Ever to Cybercrime

It’s not uncommon for business owners to treat cyber and physical crime as two distinct risk factors, with separate policies, protocols, and technologies implemented to protect against each. In modern business, however, physical and cyber security has perhaps never been so intrinsically connected.

This statement can be illustrated clearly in the retail sector, where increasingly stores of all sizes are bolstering installed security systems to protect against rising crime rates. According to the National Retail Federation, retail businesses lost $61.7 billion in 2019 due to thefts and burglaries, leading many store owners to pivot their security strategies towards advanced hardware and software tech.

Whilst the installation and operation of monitored security systems, cloud-based management platforms, and integrated security networks can help retail store owners protect their properties better and understand potential security threats, problems may arise with gaps in knowledge.

As more security features rely on the internet to communicate, the potential for cyber exploits increases, though this isn't the only reason retail stores are more vulnerable than ever to cybercrime.

When e-commerce meets physical sales

In recent years, e-commerce sales have risen by 32.1% compared to only a 6.9% increase in retail trade; combine this with additional data suggesting that as many as 87.6% of Gen Z consumers prefer to shop online and it’s easy to understand why so many physical stores also offer web-based sales.

Whilst many business owners may believe that their physical premises and web stores operate as almost separate entities, it’s likely that both arms of the business are linked via a centralized IT system. Though log-ins and pages may be unique, any communication will be spotted by hackers.

If e-commerce systems are logged into using on-premises computers, customer details are tracked, or listings are created from the same platform, cybercriminals will have ample opportunity to breach active IT systems. If physical security devices are linked, the whole system could be compromised.

Convenience vs vulnerability – managing the Internet of Things

Modern technology has been shown to improve productivity across many sectors from manufacturing to sales, with physical stores benefiting greatly from increased efficiency in stock checking, inventory management, ordering, and even security, though poorly managed IoT security can present risks.

Stores operating IoT security features such as cameras, alarm systems, and access control clearly see the benefit of managing an integrated network, allowing for informed insights and remote-access functionality. Though with all devices communicating online, unprotected systems will be vulnerable.

Whether IoT devices and wider security systems are operated via on-premises or cloud-based servers, any unencrypted communications can represent opportunities for hackers to take control, potentially gifting cybercriminals full control over a business’ physical and cyber security devices.

Complacency and human error

According to Verizon’s 2022 Data Breach Investigation Report, 82% of all data breaches are caused by human error and misuse, indicating that even businesses with well-planned and managed security systems can be prone to cyber-attacks if staff are not appropriately and frequently provided training.

Though modern cyber-attacks are more sophisticated than ever, criminals will always look for the quickest route to success, which is why simple scams like phishing attacks are still among the most common causes of data breaches and why reminding staff of how to avoid them remains imperative.

Similarly, staff downloading and operating software applications on store devices not approved by IT staff can contribute to increased cyber security risks. Known as shadow IT, as many as 80% of workers admit to using unverified, unapproved software that could compromise entire IT networks.

Overlooking best practices

In retail settings it’s common for staff to prioritize speed and efficiency over rules and procedures, and whilst there’s certainly merit in offering fast and effective customer service, this should never come at the cost of overlooking best practices. As security, PoS, and management devices continue to become more connected and reliant on internet communication, more opportunities for exploits will be revealed.

Staff at all levels of the business should be made aware of the interconnected nature of modern technology; for example, leaving one customer-facing device logged into a business account could easily lead to wider security systems becoming compromised. This is why staff training is essential.

No matter the extent of encryptions, multi-factor authentication, and tested operating procedures, it only takes one staff member to ignore the advice of security teams to expose flaws in the network. Regular training and explanations of best practices can help retail stores to mitigate these risks.

Summary

The adoption and integration of modern security technology can be something of a double-edged sword for retail stores; on the one hand, it’s impossible to ignore the vast improvements integrated systems can bring to wider security policies, management, customer service, and productivity, though on the other mismanagement and complacency can quickly lead to issues.

Retail business owners shouldn’t avoid modern technology; however, instead managers, IT, and security staff should invest their efforts in developing well-documented plans, protocols, and thorough staff training procedures to ensure that all team members fully understand what they can do to prevent data breaches and protect businesses from cybercriminals.

Lead image source.