Simple tips for retailers to stay cyber safe

In recent years, major retail groups such as JD Sports, Boots and Lush all have something in common; they’ve all hit the headlines after falling victim to cyber-attacks.

But cybercrime can affect any retailer, big or small: a survey conducted for NFU Mutual found that 53% of retailers had fallen victim to cybercrime. 

The research showed that the most common crime was customer fraud, affecting nearly a quarter of businesses surveyed (24%), followed by phishing scams (21%). Data theft or breaches (15%) and malware or viruses on computers (13%) were also worryingly common for retailers.

Separate research by the Information Commissioner’s Office found that retailers are among business that are at a particularly acute risk of cyber security breaches: in one incident, a hacker installed malware (malicious software designed to steal data) on over 5,000 payment terminals, enabling it to access customers’ card details when paying for their goods.

Technology that makes you a target

Retailers rely on several forms of simple technology, and unfortunately, it’s this same technology which also makes them a target. These range from simple software such as email and online banking, to applications to communicate with customers, order materials and sell products. They also include servers or digital storage facilities to hold customer and employee data; your website; and internet connected devices such as CCTV.

James Trevis, NFU Mutual’s cyber specialist, says: “Cybercrime is sadly an ever-increasing threat for retailers and the ramifications can be extremely serious, from loss of income and legal liability, to reputational damage.”

Steps to reduce the risk of cyber attacks

There are however some simple ways for retailers to boost their cyber security and reduce the chances of falling victim to cyber-attacks. These include: 

1. Use strong passwords – don’t use the same passwords across multiple accounts and services, and ensure you change factory set passwords.
2. Implement Two Step Verification – also known as Multifactor Authentication, this means entering more than just a password to log in to a service; for example, a text message or a fingerprint.
3. Keep on top of updates – Software engineers regularly update their products to improve their safety features, so it’s vital that you update all your software on a regular basis.  
4. Backup files and data – you should do this on a weekly basis and store on a separate, secure device.  
5. Training – educate your employees on cybercrime, including how to spot potentially dangerous or fraudulent emails.
6. Cyber security software – install a firewall and antivirus software on all company devices and keep them updated.  
7. Consider using a Virtual Private Network (VPN) – this will provide secure connectivity between devices in physically separate locations.
8. Remember physical security – all company devices should be securely stored and locked away when not in use. 

Stay covered with cyber insurance

Taking these steps is a great start towards better cyber security. However, even the most robust cyber risk management can’t eliminate all threats. So, consider cyber insurance too. This cover can not only support your business financially if you experience a cyber incident such as a cyber-attack or data breach, but also provide you with access to expertise such as legal and IT specialists, to help you to respond and recover quickly and effectively.

As it stands, there is a significant mismatch between the frequency of attacks and the take-up of cyber insurance: just 11% of retailers surveyed by NFU Mutual said they had taken out cyber insurance in the past 12 months.

You wouldn’t question whether to take out insurance to protect your business’ property against fire, theft or flood, and the threat of a cyber-attack is just as real. 

Find out more about NFU Mutual’s cyber insurance.