Last-minute cyber security tips for retailers

The end of year holiday period is celebrated by retailers as the time when many make most – if not all – of their profit.

So it’s no coincidence that it’s also the time when cyber criminals are most active.

”Retailers always get hit this time of year,” says Rick Caccia, chief marketing officer of Exabeam, a user behavior analytics firm.

Interestingly, Enigma Software reports that he biggest single days for infections in the past two years were two weeks after Cyber Monday. Enigma believes that’s because that around then shipping for online orders begins to become a concern for shoppers, so criminals start sending bogus emails that claim to be from legitimate retailers warning of a problem with a supposed online order.

It’s too late to install new defensive products and services to boost security, or to re-architect the network so the corporate and retail sides are segregated. But there’s still enough time for CISOs to do a few things to reduce the odds of being stung. Here’s some last-minute tips:

–Already segregated the network? Great. But, warns Caccia, there can be vulnerabilities if it isn’t configured properly. “Be careful around the authentication configuration of the two networks,” he said.

–Be vigilant: Someone accessing a POS (point of sale) server from the corporate network for the first time “is a big red flag.”

–Be vilgilant: Keep an eye on what systems are being accessed by seasonal workers. They shouldn’t be near backend systems.

–Make sure in-store POS systems are locked down so seasonal workers – or quick-fingered customers – can’t get at keyboards or USB slots.

Other advice from expets:

–Now is not the time to be behind in patching.

–Warn the customer support team to watch out for callers asking for password resets without being able to answer challenge questions. Close isn’t good enough.

–Keep an eye out for fake Web sites, advertisements and apps offering discounts to your unsuspecting shoppers, warns Check Point Software.

–Don’t allow customers an unlimited number of password guesses. It could allow an attacker to make a brute force attack.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now