October is the 20th Cybersecurity Awareness Month, a month dedicated to enhancing cybersecurity awareness, encouraging actions to reduce online risk and generating discussion on cyberthreats.
In that spirit, here are four tips for retailers on how to strengthen their cybersecurity posture leading up to the busiest shopping season of the year.
Invest in Cybersecurity Training for Your Staff
Retailers love the holiday shopping period, as it includes a higher level of purchase activity. Unfortunately, threat actors increase their activity level too. As we approach peak season, it’s important that retail employees are trained on the common cybersecurity threats that are out there, which threats pose the greatest risks and how best to protect corporate data.
By training your staff on the most common threats, you can make it significantly harder for threat actors to exploit personnel and gain access to your environment. Cybersecurity-savvy staff are a critical aspect of overall cybersecurity hardening.
Back Up Critical Data and Configs — and Validate
As we enter the holiday season, now is an ideal time to focus on ensuring you have backups of critical systems, network devices and data, as well as configurations. Basically, for any kind of system that is key to running your business, you want to have the ability to roll back.
By backing up configurations, retailers can save a tremendous amount of time if they ever have to restore a system.
For example, suppose a managed network switch is compromised during an attack. If you’ve backed up the device configurations, you can reload them and restore services much faster. Reverting to “factory settings” does not restore any custom configurations that were previously necessary to provide services.
In addition, take time to ensure your backups are valid. For example, restore production backups to test environments in order to ensure those backups contain the necessary files to restore service.
Complete Any Cybersecurity Projects That Are Underway
Retailers often have a myriad of technology projects in progress, and while many of those projects get put on hold during the months around the holidays, cybersecurity initiatives need to be prioritized before the festive rush rolls in.
It comes down to the fact that threat actors are becoming more sophisticated and their attacks more targeted. Retailers need to have the best possible line of defense going into peak season. And that means any cybersecurity projects that you have underway should be completed prior to November, if possible.
Say, for instance, you’ve been working over the past year to move from traditional antivirus software to Endpoint Detection and Response. Now is the time to have those solutions in place. Again, it’s important to have as many defensive cybersecurity systems in place as possible before the peak holiday season in order to reduce overall risk.
Test Disaster Readiness with Tabletop Exercises
While awareness is certainly a big piece of the cybersecurity puzzle, to be fully ready for a more secure peak season, retailers should prioritize disaster readiness testing. The phrase often used is tabletop exercises, which refers to simulating a real-world scenario to test your team’s disaster recovery and incident response capabilities. Think of it as training firefighters prior to an actual fire. The better prepared teams are in knowing what to do during a disaster, the more confident they can be that they will recover when an actual disaster occurs.
No retailer can afford to have their people be ill-prepared when a disaster occurs. What is the chain of command? Who are the teams necessary to restore operations? How do we get updates to the executives? How do we get updates to the business? How do we recover from it? These are all questions your IT team needs to be able to address.
Whether you are simulating a full-blown outage or a ransomware attack, tabletop exercises should be part of an ongoing effort to promote cybersecurity hygiene.