Are retailers doing enough to secure their customers’ data?

Today, most businesses understand that data is like gold dust. But while all retailers store, transfer, analyse and use a wealth of data, both their own and that of their customers, few are taking the necessary precautions to safeguard it adequately.

As part of their business selling high-value goods, luxury retailers are dedicated to giving a high-class service to their customers. Their staff are well-dressed and their stores are often as stylish as the products they sell. They know better than most businesses that their brand gives them the single greatest advantage against their rivals and that they are selling a lifestyle as well as a product.

But how often do high-end retailers think about the huge responsibility they have, that of securing their customers’ data? Most employees who work in the stores take care of the items they sell, and provide the utmost care to their customers and are discreet about what they buy and for whom. Very few, however, even those working in other departments or in the head office, will consider data security. Cyber security might be left to the IT team alone to worry about.

Luxury retailers are responsible for securing the confidential and sensitive data of wealthy individuals and sometimes whole families. For international brands, this can number hundreds of thousands of people worldwide. In all, that amounts to a lot of high value data, data that’s also gold dust to cybercriminals.

So once retailers have a customer’s data, such as their contact details and address, or addresses, they need to make sure its secure around the clock. Their reputation is at stake. Every discerning customer wants a brand they can trust.

Extortion tactics 

Cybercriminals do their homework; they research which businesses to target to make the most money from them, how best to attack, and when. They commonly use multi-pronged extortion tactics to increase their chances of success. If they steal data they often hold the company to ransom, threatening to sell the information or publish it on the dark web. This is potentially hugely damaging for any retailer whose whole business depends on brand reputation and trust. No-one wants their personal details sold underground or leaked online. Another tactic that adversaries are increasingly using is to email the customers directly, telling them what information they have and how they obtained it. This is to encourage the customer to put pressure on the retailer to pay the ransom fee, which might be increased over time.

Criminals also sometimes encrypt companies’ databases, disrupting parts of their business and sometimes preventing them from trading for a period of time. In the UK and US, up to 60% of retailers’ revenue comes in between Black Friday at the end of November and the January sales. Criminals know that stopping a retailer from selling during this crucial season would potentially earn them a bigger payout.

Cyber security isn’t just for Christmas, but it’s particularly important to safeguard assets and data during the festive season. And it’s important to protect brand reputation all-year round.

If you would like to discuss any themes of this article in more detail with Birgitte, you can get in touch here.