C-stores must prioritize cyber security this holiday season... and beyond

With Sobeys in the news recently due to an unfortunate ransomware attack, it’s time that all retailers, including grocers and convenience stores, re-visit their core network infrastructure to ensure all technologies are aligned and secured to prevent a breach or attack - especially as a busy holiday season looms. To do so not only secures customers' highly sensitive information, but it also ensures that existing and new customers continue to have a favourable brand experience. 

Data leaks and attacks impact convenience stores in several ways. Beyond the cost of paying fines and/or compensation to those individuals affected, there is also the loss in consumer confidence due to an organization’s inability to protect sensitive information. To cope with increased demand both online and in-store, businesses must have the correct technology infrastructure in place to mitigate against security breaches. 

Perhaps interestingly, while grocery and convenience stores may already take steps to prepare IT infrastructure against cyber-attacks, less attention is given to another area of organizational IT vulnerability – its mobile device ecosystem. The rapid growth of mobile technologies and the rise of the Internet of Things (IoT) across the convenience industry has brought numerous risks and challenges. 

Some devices, like mobile computers in a store environment, carry sensitive customer data that is of particular interest for malicious actors to attack. After all, if these devices are improperly managed and left unsecure, that leaves multiple open endpoints that can be exploited by a cyber-attack. And with one report stating that ransomware attacks surged 150% in 2020 (with the average extortion amount doubling), it’s clear that the time to act is now.

Get started with these security steps

To prevent or minimize any mobile security threats, all organizations must take steps to protect each area of the mobile device ecosystem. Firstly, they should ensure that they have a corporate mobility policy in place, which could help monitor who has access to what technologies, if workers can add apps to corporate devices and how sensitive data should be handled.  

Once a corporate mobility policy is in place, businesses should deploy an Enterprise Mobility Management (EMM) solution. An EMM solution controls device security, manages software and content allocation, and fixes device problems remotely. For instance, a secure EMM browser can block untrusted sites and minimize man-in-the-middle (MitM) and phishing or social engineering attacks.

EMM solutions allow managers to enforce complex passwords, encryption and separation of personal and work data to prevent data leakage of sensitive or confidential content within corporate apps.

In addition to these processes, IT managers need to ensure they are enforcing multi-factor authentication for device enrolment, certificate-based authentication for access to Wi-Fi and are mandating VPNs to prevent hackers from gaining access to sensitive data. In addition, the use of real-time location services (RTLS) and geofences, which grants access to specific applications and device features when devices enter a location-based geofence can minimize the chances of cyber-attacks and improve the chances of recovery of lost or stolen devices.

With the holidays fast approaching, the connection between retailers and customers is crucial and has the potential to make or break companies. Whether it's intentional or accidental, data loss can be damaging to a business’s brand and its balance sheet. An advanced EMM solution can ensure mobile devices are updated and secure to prevent payment and service disruption, potential security issues and downtime.