When the conversation turns to preventing the kind of data breaches that have recently put several major retailers in the news for all the wrong reasons, it focuses almost exclusively on which technology should be employed to stop them. IT is certainly a cornerstone of any retailer’s data security defense, but as explained in a Tech Boot Camp session at Chain Store Age’s 50th annual SPECS conference, a dose of common sense also goes a long way toward keeping unwanted visitors out of your company’s network.
Bryan Sartin, director of the risk team at Verizon, told SPECS attendees that too often, retailers fail to focus on the real question raised by data breaches: How did malware get into the network, make its way to get the data, and then bring it back out? By applying some common sense to how technology security is applied, retailers can stop malware before the need to answer this question arises.
Cutting Off Cyber Attacks at the Source
According to Sartin, one simple and effective means of limiting the chances of a data breach is to recognize the geographical nature of these attacks. He told the audience that nearly eight in 10 cyber attacks originate in Eastern Europe, with 58% coming from Romania, 12% from Armenia and 8% from Russia.
“You can mitigate the vast majority of attacks by blocking out parts of the world where you don’t do business,” said Sartin. “The technology and knowhow has been around since the mid-1980s.”
Some U.S.-based retailers may do business with Eastern Europe and not be able to automatically block all digital traffic originating from that part of the world, but the larger principle remains valid. Most things in life follow certain patterns and originate in similar ways. Look for any and all patterns in how suspicious cyber activity in your network originates, and use technology to detect those patterns and cut the activity off at the source.
It Takes Two Factors to Get It Right
Sartin pointed out that allowing third parties remote access to your network is another major entry point for hackers. Desktop sharing programs, as well as virtual private network links that allow outside access to your internal systems, are both common sources of malware and other cyber attacks.
In today’s collaborative business environment, allowing this type of remote access is often necessary. Fortunately, two-factor authentication can greatly reduce the inherent risk of giving outside parties access to your network. Take the well-known example of criminals using phony vendor credentials to enter the Target network through a dedicated VPN link: if those credentials had been bolstered with the requirement of a PIN not stored on the vendor PCs, the attack would never have happened.
Mind the Store
When it comes to the popular “skimming” technique of criminals tampering with card readers so the swipe delivers financial data to them, basic store-level surveillance and loss prevention technologies can be highly effective preventative tools. Skimming generally requires the manual altering of the card reading hardware, often with the assistance of dishonest store personnel. Video monitoring, POS-level security systems that can include biometric identification, and even basic alarm technology can all greatly reduce the opportunity for thieves to gain unauthorized access to card readers, whether they come from inside or outside your organization.
Technology cannot stop data breaches by itself, and neither can common sense. Even when combined they will not stop every single attempt to steal your customers’ personal and financial data, but they can stop the vast majority of them.