Information technology in the retail industry is crucial. It simplifies administration and enhances the service for shoppers.
Customer details and loyalty programmes, advertising, company data and accounting are handled through it.
Yet these benefits can easily backfire, says Ash.
He says leaving technology unsecure could risk pricing plans, business strategies and intellectual property being stolen.
“If you lose the trust of your customers, if your IP is stolen or company data is breached, you won’t stay in business very long,” he says.
“Conversely, if you invest in good security practices, customers and staff can have confidence that you are looking after their information.”
Customers’ personal information is especially of interest to hackers.
High-profile data breaches in the United States have demonstrated just how much destruction cyber criminals can cause if they get hold of it.
A 2013 attack on the US chain Target’s point-of-sale system resulted in the details of 40 million credit cards being stolen.
Some of the repercussions of the hack included Target’s profits falling 46 percent while the company battled multiple lawsuits against banks and customers.
The damage control was estimated all up to cost $US61 million.
Localising the threats
Though our geographical isolation at the bottom of the world may give Kiwi business owners a false sense of comfort, Ash says cyber attacks are happening to retailers here too.
“Unfortunately the nature of internet technology and online payment systems means that the New Zealand retail sector is not immune to this threat,” he says.
Research by Vodafone in 2014 found that 56 percent of New Zealand businesses claimed to have been attacked at least once per year. Small businesses were also found to be the target of 30 percent of online attacks.
Ash says Kiwis tend to be a trusting bunch when it comes to cyber security.
He says they don’t realise how useful cyber criminals find personal or company information, which may explain why many people don’t secure their work devices.
Connect Smart research from April 2014 found that 56 percent of Kiwis don’t have a password on their work iPhone or tablet, and 48 percent don’t have a password on their work smartphone.
Vodafone research also recently found that 83 percent of lost iPhones compromised business data, showing how important it is for staff to have privacy training.
Safeguarding your business
“The best way to overcome this is by building a culture of good security practices where everyone understands they have a role to play in protecting the information of the business,” Ash says.
He says business owners should think about their vulnerabilities, such as how their staff handle sensitive data and the way they use different mobile devices and USB drives.
Staff privacy training is also important, he says, as social media and internet privacy can be compromised both inside and outside of a work context.
As for actions that can be taken by individual staff members, he says it’s important to secure all devices so your smartphone or tablet is as safe as your computer.
“Protecting yourself also protects friends, family and work. Having your personal information compromised is more than an inconvenience and can have major consequences for you and everybody you know,” he says.
Ash says in 2015, SMEs should be on the lookout for reports about what’s going on in the cyber crime world and thinking about how it might affect their business.
Connect Smart is an initiative by the government’s national cyber policy office that promotes ways for individuals and businesses to protect themselves online.
For retailers, Connect Smart has worked with Vodafone to produce a SME toolkit that determines whether your business is vulnerable and what to do about it.
This involves a four-step process, where SME owners can assess their cyber security, develop a cyber security policy and an incident management plan, and review and update network security systems.
To view and download the free toolkit, click here.