How to avoid being hacked like a national retailer

It seems no one is safe from cyberattacks, even the big brands with seemingly big budgets for security. If the recent incidents involving Co-op, M&S and Harrods taught us anything, it’s that security in retail is more important than ever, whatever your business size. Read on to discover how to avoid the same fate as these three major British retailers, and which areas of security you should focus on to protect your people and your profits.

So, what happened to Co-op, M&S and Harrods?

The cyberattacks on Co-op, M&S and Harrods have been headline news since April, and the UK National Crime Agency (NCA) has only recently made arrests. The attacks, which are estimated to have cost the brands up to £440 million, are suspected to have been carried out by just four people, three of them teenagers, all now arrested and under investigation rather than convicted.

The attackers hit Co-op, M&S and Harrods within a period of about two weeks. Ransomware was the payload rather than the way in: the attackers first gained access to the retailers' systems, then used that access to disrupt online operations. The attacks began with Marks & Spencer, which only noticed a problem after multiple customers reported failures with click and collect orders and contactless payments.

A short time later, Co-op chose to shut down parts of its own systems after detecting an intrusion, accepting disruption now to limit damage later. Harrods was the last to be targeted and took the same approach, restricting access to its systems and causing widespread disruption to its online arm.

How can you prevent breaches like this?

These cyberattacks hit all three retailers hard, and financial losses and stolen customer data were only the beginning of the damage. Share prices fell, online sales were lost, shelves in physical stores stood empty, and recruitment of new staff was paused. In light of these events, the NCA has advised all businesses to review the security measures they have in place to prevent cybercrime.

Preparation is what separates a contained incident from weeks of lost trading. Phishing simulations test your people rather than your systems: they show which staff click, which roles are most exposed, and whether anyone actually reports the lure, and the gaps they reveal are the ones a real attacker will use. Phishing is not limited to email; a phone call to your help desk asking for a password or MFA reset deserves the same suspicion as an unexpected attachment, so simulations and training should cover voice as well as the inbox. Train staff not only to recognise something suspicious but to know exactly what to do and whom to tell. Keep the reporting route short, a single button or address that is acknowledged quickly, so a report reaches your security team while there is still time to act.

The secret to keeping your customers safe?

While many other controls remain crucial to the protection of your business, one area is critical: card payment security. Any business that accepts card payments must comply with the Payment Card Industry Data Security Standard (PCI DSS), and that obligation covers every system that stores, processes or transmits cardholder data, as well as any system that could affect the security of those systems. Working with an experienced PCI QSA makes compliance considerably easier, but compliance is a floor, not a guarantee: it is assessed at a point in time, so the controls have to keep running between assessments.

An SRM Qualified Security Assessor (QSA) is qualified by the PCI Security Standards Council and can be engaged to assess your systems against the standard. With their findings and guidance you can close the gaps, complete the Report on Compliance or Self-Assessment Questionnaire and the Attestation of Compliance your acquirer requires, and keep your customers (and their data) out of the wrong hands.