Published April 11, 2019 • By Karen Walsh

Retail risk management is about much more than security cameras and insurance policies. Retail stores, whether brick-and-mortar stores or e-commerce sites, are going digital as never before. This is especially true during the COVID-19 pandemic, when many retail-sector stores are shuttered.

Credit-card and other point-of-sale transactions generate data and pose the risk of a cyber attack. Social media sites may attract malicious actors. Online shopping also creates a treasure trove of data ripe for attack. 

Business owners would do well to develop an enterprise risk management (ERM) program to protect their customers’ data, their vendors and business partners, and their own intellectual property. Here’s how:

Step 1: Identify and Assess

To begin, identify and assess the full range of your cybersecurity risks. Although some risks are apparent, others might not be visible. For instance: Is your store’s thermostat or security camera connected to an application or to the cloud? Do your doors have connected locks? Using so-called “Internet of Things” (IoT) devices increases your risk of attack. Many of these devices connect via Bluetooth, a short-range radio connection. Where these connections are unencrypted, they may allow cybercriminals to access your data or systems.

Step 2: Analyze

After identifying your cyber risks and assessing them, it’s time to analyze the risks. Information and devices deemed at a higher risk of data breach need stronger security controls. Cardholder data, for instance, whether stored, accessed, or processed on a mobile device application, require greater security.

Step 3: Monitor

After finding ways to secure the information, you’ll want to continuously monitor and document the effectiveness of the controls you’ve put in place. You’ll also need to review and revise your controls periodically: cybercriminals continually change their offense, so you must do the same with your defense. 

Step 4: Respond and Remediate

Now it’s time to create a response-and-remediation strategy. When your continuous monitoring program alerts you to a security event, incident, or even just a threat, what will you do? If the attacker gets in and causes damage, how will you repair your systems, recover your data and increase its protection, and remediate your brand?

Step 5: Establish a Vendor Risk Management Program

As a retailer, you do business with many partners and vendors. How will you keep them from compromising your data security? A vendor risk management program will help you identify, assess, analyze, mitigate, and monitor vendor risk.

Retail: Rife with Risk 

Retail ranked second-to-last among industries in application security, according to one recent report. Thales’ 2018 retail cybersecurity report provided disturbing statistics as well.

  • 50% of retailers said they had experienced a data breach.
  • 84% of respondents planned to increase their spending on IT security.
  • 85% of retail IT security professionals worked for companies storing sensitive data in the cloud.

Retail technologies often lack security controls or come with security risks. There is no standardized framework for addressing IoT cybersecurity. And the cloud poses its own risks.

To modernize your IT infrastructure, which is essential for customer engagement, your retail enterprise must move beyond traditional compliance. Instead, you must embrace “security first” cybersecurity strategies.

ZenGRC: Worry-free retail-risk mitigation

ZenGRC eases the task of retail-risk mitigation and automatically collects the documents you need at audit time. Our user-friendly software as a service (SaaS) helps with the following tasks, and more:

  • Streamlining workflows, including by integrating with ServiceNow and other popular workflow solutions
  • Viewing compliance gaps on user-friendly dashboards, and knowing how to fix them
  • Mapping controls to multiple frameworks, avoiding duplication of effort
  • Mapping controls to frameworks, standards, and regulations
  • Generating and sending vendor questionnaires, and collating the results
  • Conducting unlimited in-a-few-clicks self-audits
  • Storing audit-trail documents in our “Single Source of Truth” repository
  • Sharing risk management and compliance status with managers and the board

ZenGRC lets you manage and monitor your retail establishment’s security and compliance worry-free. Our automated solution does much of the work so you don’t have to, freeing you to focus on your customers and your bottom line. To find out more, contact us for your free consultation today.