Promising service after the sale is an important aspect of selling and customer service. Whether purchasing a product or service, customers like to know they’re covered if something doesn’t go as expected. Retailers know offering this peace of mind helps customers feel more confident to spend and enjoy greater satisfaction with a purchase.
But what about service after the sale when it comes to customer data? A warranty won’t help if the part that needs fixing is the exposure of a customer's sensitive payment information. In today’s day and age, data protection should be baked into the brand and become an integral part of what retailers provide long after a purchase is made.
Retailers know they’re a top target for high-profile cyberattacks as they rapidly adopt digital transformation and cloud technology. In the recently released 2019 Thales Data Threat Report-Retail Edition, 42 percent of U.S. retailers report they’re aggressively embedding digital capabilities, and almost two-thirds said they’ve experienced a data breach in the past year. Even with mass digital transformation underway, less than 36 percent of retailers encrypt the data they collect and store, and security budgets are shrinking. Why?
Managing the Complexity of Data Security in the Retail World
Complexity, named in the report as a top barrier to data security, is one cause for the extremely low data encryption rates. Despite recognizing the importance of protecting sensitive data, some retailers feel they're unable to properly implement security amidst fast-changing infrastructures, partnerships, less mature governance and smaller IT security budgets. Additionally, retailers can become encumbered with their legacy technology environments, and struggle with applying security architectures across older infrastructures.
There’s also a very common — and false — perception that encryption is too complicated and it slows down database performance, negatively impacting sales. The fact is, encryption tools today are far easier to adopt and leverage than they once were. Significant technological improvements enable retailers to adopt effective encryption solutions that don’t hinder online performance or operations and are virtually invisible to customers.
Another aspect fueling complexity is that as more services and sensitive data move online, the potential “attack surface” expands, creating a greater number of ways an attacker can penetrate a network. The threat vectors retailers face are broad, fast changing and global, making it difficult for companies to prevent and detect them. These vectors include cyberterrorists and hacktivists, as well as internal threats from within a retailer’s IT organization.
Data security can be complex, but when carefully designed — like good customer service post-purchase — it works. And with the right security partner, retailers can focus on their real expertise and keep customers happy in the long run.
6 Data Security Best Practices for Retailers
Below are recommended best practices for retail organizations to follow when it comes to data security:
- Focus on all threat vectors. Retailers should recognize that threats can come from anywhere, externally or internally. As cybercriminals evolve their methods, so should retailers. Partnering with security experts that can identify all points of entry an attacker might exploit is a great first step.
- Invest in modern, hybrid and multicloud data security. Yesterday’s defenses are no longer sufficient. Retailers should find solutions that span legacy systems as well as modern, cloud-based transformation technologies.
- Find solutions that do more, with less. Data security budgets are decreasing. Security professionals need to acquire solutions that let them address multiple layers of security concerns in a cost-effective manner.
- Prioritize compliance issues. New compliance laws are imminent; retailers need to build flexibility for this into their new technologies.
- Don’t confuse compliance and security. Compliance is critical, but retailers shouldn't adopt a “just pass the audit” mind-set. This can prove to be very shortsighted.
- Encrypt everything. As data migrates away from enterprise premises and into the cloud, retailers need security methods that protect sensitive data everywhere it goes, end-to-end and in between.
Tina Stewart is vice president of global market strategy at Thales, the worldwide leader in data protection, providing everything an organization needs to protect and manage its data, identities and intellectual property through encryption, advanced key management, tokenization, and authentication and access management.
Related story: What Modell's is Doing to Protect its Customers’ Data
Tina Stewart is VP of Global Market Strategy at Thales, the worldwide leader in data protection, providing everything an organization needs to protect and manage its data, identities and intellectual property – through encryption, advanced key management, tokenization, and authentication and access management.