Retail

Cybersecurity for the Retail Industry

The digital evolution of the retail industry has changed the way businesses handle commerce. Retailers are not only responsible for credit and debit card information; they are also entrusted with mounds of consumer demographic and psychographic data, making them a prime target for hackers and cybercriminals.

Retail is among the industries most affected by Point-of-Sale (POS) intrusions. From small boutiques to mega-retailers, attacks against POS systems continue to cause headaches for store operators. The attack styles used against large and small organizations may differ, but a breach is equally painful regardless of organization size.

To ensure that clients feel comfortable shopping with you and trust that their financial and personal information will remain safe, you must take steps to properly secure that information. To combat cyberattack threats, Pratum offers a number of information security services that improve the chances of preventing a successful attack while preparing you to react in the event of unwanted cyber activity.

POS attacks represent 70% of all Retail breaches.

2015 Verizon DBIR

PCI Compliance

PCI compliance can be a daunting task for retailers. There are a number of steps in the certification process, and PCI data security standards continue to evolve from year to year. Fortunately, Pratum is available to help guide you every step of the way. Pratum’s compliance experts find a balance of risk and security that meets the objectives of each retailer while protecting your profit margins.

Retail Social Engineering

Technology is only part of the security formula; we must also consider people and processes. Improperly trained employees can leave a retailer exposed without them even knowing it. Humans are helpful by nature, but if improperly trained, an employee could fall victim to a social engineering attack and inadvertently assist in the hacking of the retailer’s sensitive data.

  • Pretexting Phone Calls – requesting schedule information for future access to restricted office areas
  • Phishing Emails – infecting computer systems or network with malware
  • Physical Entry – gaining access to restricted areas by impersonating a maintenance worker
  • Dumpster Diving – rummaging through garbage in search of passwords or other sensitive information
  • Enticements – leaving behind documents with an accompanying USB drive in hopes of an employee plugging the drive into a company computer

Penetration Testing

The only way to test your computer systems, networks, and Web applications is by authorizing a professional penetration test. A pen test will give insight into the vulnerabilities that may leave your organization exposed to malicious attack.