The risk of a retail data breach is on the rise globally, with hackers taking advantage of new technologies to exploit businesses’ weaknesses.
Small to medium businesses (SMBs) are an oft-targeted group, and new data suggests that SMB retailers, in particular, are being inordinately targeted by data hackers.
New figures suggest that retailers weathered more data breaches globally last year than any other industry, while other reports estimate that SMB retailers take an average of three years to fully recover from a breach.
Why are SMB retailers at such high risk of a retail data breach? Partly because they face the ongoing challenge of balancing the so-called “human touch” with speed and efficiency (self-service checkouts increase speed and customer autonomy, but at what cost to personal service?), and partly because – unlike larger corporations – SMB retailers are at the mercy of customer testimonials and word-of-mouth advertising.
SMB retailers are advised to follow the lead of large retailers in requiring credit and debit cards to have computer chips. Chip-equipped credit and debit cards authenticate transactions, playing a huge role in reducing the incidence of credit card counterfeiting and making it far harder for would-be data thieves to access personal information associated with the cards or the individuals behind them.
As with the majority of industries, SMB retailers are at the mercy of insider threats, whether caused by intentional acts or inadvertent mistakes by current or former employees and contractors. Preventing a retail data breach becomes a matter of implementing robust and workable data security policies, including those relating to hard drive shredding and document destruction, and educating staff about the policies.
By definition, retailers process numerous transactions every day, generating a vast amount of personally identifiable data that is of great potential value to a would-be data thief. And with new technologies frequently becoming available to SMB retailers, it is their responsibility to ensure that old systems are securely disposed of before a new system is implemented. Hard drives of unwanted POS machines, computers, and all related paraphernalia must be shredded in order for the information contained therein to be truly unrecoverable.