The recent data security breach at hardware retailer Bunnings Australia is a timely reminder that retailers have become a primary target of cybercriminals.
According to Sophos, ransomware attacks hit 44 percent of retail organisations in 2020, and many paid a very high price. The average cost of recovery from a ransomware attack in the retail sector was nearly US$2 million. The costs included downtime, people time, device cost, network cost, lost opportunity, and ransom paid to recover encrypted data.
This piles pressure on retailers to secure their data and protect the personal information of their customers. If you’re a retailer, here are four ways you can keep the bad guys at bay this year.
1. Get the right data storage
Retailers need to manage and protect a lot of data, from credit card numbers to email addresses to invoice information. The list goes on and on. Having the right data storage solution enables you to protect that critical data, even if you’re a victim of a ransomware attack.
Your business should look for an immutable data storage solution that safeguards information continuously by taking snapshots every 90 seconds. You can still recover your information even if ransomware does sneak through and your data is overwritten. Because these snapshots are immutable, there will always be a series of recovery points, ensuring that your data will be safe.
2. Strengthen your weakest link
Firewalls, endpoint protection, email security, etc., are all crucial. But backup and recovery are also a critical part of the overall IT security solution. And if it’s not done correctly, it will be your weakest link. Having a comprehensive backup and recovery plan lets you protect your data if disaster strikes—not just a cyberattack but also basic incidents like a power outage or hardware failure.
Your backup and recovery plan should include a simulation of business disruption to assess your strategy. It should also include regular testing of your backup images so you can resolve potential issues before they occur. Retailers with a recovery plan are more likely to escape maximum damage and permanent data loss.
When it comes to data protection, you should hope for the best and prepare for the worst. Having a solid plan in place can ensure your business remains at the top of its game during the all-important holiday shopping season.
3. Understand that not all data is created equal
Data tiering is critical for retailers. The approach involves moving less frequently used data, or less vital data, to lower storage levels for cost, recoverability, and availability. The premise is that not all data is created equal, so it’s essential to have different sets of policies based on how critical the data is and how quickly you need to access or recover it.
Yes, it’s good to have your quarterly results at hand. But if you lose access to that information for a few hours or days during the height of the shopping season, it won’t hurt your sales. However, if your business’ price list is compromised or your delivery addresses are not accessible, it could have an immediate and profound impact on your business. That’s why it is important to prioritise your data and understand the value of each piece of data.
4. Protect your data in the cloud
Many retailers operate in the cloud. They need to realise that cloud security is a shared responsibility between them and their cloud provider—and that the sharing is not divided entirely equally. The retailer is primarily responsible for protecting their data in the cloud, not the service provider.
Top-tier providers like Microsoft Azure, Google Cloud Platform, and AWS typically secure the core infrastructure. But when it comes to securing data, that responsibility falls squarely on the shoulders of customers. Retailers who fail to grasp this simple fact are much more likely to suffer a data loss.
You should be aware of your responsibility, ensure that you have the proper protections in place, and regularly test your ability to recover from data loss if it happens.
By Leo Lynch, Vice President, Asia Pacific, Arcserve.