Don't Get Hacked!

Furniture World Magazine
Volume 149 NO.2 March/April



Don't be a soft target for hackers seeking to steal customer info or hold your business for ransom. Here are seven ways to protect any retail business.

As IT networks grow more complex, retailers are battling rapidly evolving cybersecurity challenges. Cyber-attacks are constantly morphing and growing in sophistication as these threats reinvent themselves to penetrate the existing cybersecurity infrastructure of home furnishings retailers.

The statistics are alarming. More than 98 percent of computers have notable vulnerability to cyber-attacks. And, an aggressive swell in the complexity and volume of malware attacks has made it harder for the conventional retail IT frameworks to adapt. The bottom line is that your data is most likely vulnerable.

Cloud Technology Threats

There are simultaneous gains and challenges that come with the adoption of cloud technology. It is undeniable that cloud computing is a great opportunity for retailers to tap into the frenzy of digital transformation and enjoy gains. Yet cloud adoption comes with some notable vulnerabilities.

With the cloud comes susceptibility to software bugs and errors that could compromise the security of sensitive personal customer information. Hackers relish this opportunity to attack the furniture retailer’s soft target – the network. We are seeing hacks on Top 100 and independent retailers becoming more comprehensive as well as automated.

When a retailer's network is compromised, there is a risk to customers whose information may be dispersed over the dark web for criminal use in phishing campaigns.



Meeting The Challenge

  1. Domain Provider: Paying attention to both your domain and your network security will greatly enhance digital safety. Now is the time to make sure that your domain provider uses leading-edge security technology. Above all, vehemently resist the temptation to go for cheaper options.

  2. SSL Certificates: Having reinforced the security of your domain, you should procure an SSL certificate for website data encryption. This is crucial for retailers whose sites process customer information like credit cards and other personal information, particularly for online purchases. This will help to fortify your website against rampaging hackers.

  3. Outdated Software: Direct your IT people to observe systematic patching routines to enhance IP security.

    One factor that magnifies the susceptibility of a furniture retailer to cyber-attacks is the deployment of outdated software. This is a red carpet invitation for hackers to come on board. It is well known that hackers are on the lookout for older vulnerabilities to exploit. If you are running older versions of software due to either neglect or as a cost saving strategy, you are making a big mistake! Update all software periodically and promptly. Failure to do this will leave your cybersecurity infrastructure with a crater hole for penetration by hackers.

  4. Passwords: Employ formidable password policies. Poor password management has proven to be a bold-faced invitation for hackers. It's hard to believe that retailers routinely fail to change their passwords (as well as their usernames) from the default values. This is a screaming request for hackers to come to the party. Hackers find it relatively easy to break into CMS (Content Management software) programs operating with their default credentials.

    Prioritize the strength of your passwords. Typically, retailers should insist that employees choose multi-factor passwords and update them periodically. Don't allow the use of simple passwords as they will leave your cybersecurity network exposed!

  5. Network Segmentation: Your cybersecurity will be fortified when you group applications of similar sensitivity into their own segments. When you compartmentalize networks, thereby separating components, you make it harder for an intruder to successfully penetrate delicate zones. This is because data has been broken up into a multiplicity of pathways.

    This is especially important if you grant third-party service providers access to your systems. Without segmentation, a third-party provider working on a part of your database that does not contain sensitive information may also gain back door access to, for example, your POS system.

  6. Web Filters: Web filters act as content control software that allows you to restrict access to specific websites. Using a blacklist or a whitelist, they inspect the content of external websites. If they find malicious material or prohibited keywords, they have the ability to block the connection. This turns out to be a handy way to keep retail systems from venturing into malicious websites that may compromise cybersecurity. Such web filters are flexible and can be installed as a standalone computer program, an overall security solution feature, or even as a browser extension.

  7. Email Security: Many retailers don’t realize that email is the most dangerous cybersecurity threat they face. According to a SANS Cyber Security survey, approximately 75 percent of dangerous threats are transmitted by email attachments. Also, 46 percent of attacks are perpetrated via victims clicking web links contained in emails. How alarming does this sound?

 

Malware, phishing campaigns, URL-based attacks and corporate identity theft are proliferating as hackers continue to engineer massive security breaches via clever emails.

Traditional anti-spam email filters can’t protect you sufficiently anymore as hackers have ingeniously invented ways to bypass email security systems. That's why you need to add extra layers of email security as well as standardize email signatures.

Many furniture retailers and manufacturers have been hit hard by this type of breach. I'm talking about being sent back to the stone age, having to input sales and write out POs on paper!
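The third-party risk described under Network Segmentation can be checked mechanically. The following is an added example, not part of the original article: it treats the allowed flows between network segments as a graph and reports whether a vendor segment can reach the POS segment through intermediate hops. The segment names and the sample policy are constructed for illustration.

```python
from collections import deque

# Constructed sample policy: each pair is an allowed flow (source -> destination).
# Segment names are hypothetical.
ALLOWED_FLOWS = {
    ("vendor_vpn", "marketing_db"),
    ("marketing_db", "reporting"),
    ("reporting", "pos"),
    ("office_lan", "pos"),
    ("pos", "payment_gateway"),
}
SENSITIVE = {"pos", "payment_gateway"}


def reachable_paths(flows, start):
    """Breadth-first search: map each segment reachable from `start` to a shortest path."""
    graph = {}
    for src, dst in flows:
        graph.setdefault(src, set()).add(dst)
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in sorted(graph.get(node, ())):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return paths


def exposure(flows, start, sensitive):
    """Return {sensitive_segment: path} for every sensitive segment `start` can reach."""
    paths = reachable_paths(flows, start)
    return {seg: p for seg, p in paths.items() if seg in sensitive and seg != start}


def remove_flow(flows, src, dst):
    """Return a copy of the policy with one allowed flow removed."""
    return {f for f in flows if f != (src, dst)}


if __name__ == "__main__":
    # No rule lets the vendor talk to POS directly, yet a chain of rules does.
    for seg, path in sorted(exposure(ALLOWED_FLOWS, "vendor_vpn", SENSITIVE).items()):
        print(f"vendor_vpn can reach {seg}: {' -> '.join(path)}")
    fixed = remove_flow(ALLOWED_FLOWS, "reporting", "pos")
    print("after removing reporting -> pos:", exposure(fixed, "vendor_vpn", SENSITIVE))
```
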

More Security Measures

Here are recommendations for retailers – big and small.

  • Don't be cheap! Given the potential for business disruption due to security breaches, malware and ransomware, a penny saved is not necessarily a penny earned. Whether you have the resources to execute a cybersecurity program in-house, or work with an outside vendor, make sure you have talented people working on this issue. They should know the business of security, and have experience working with retailers like you.

  • Email security – move to the cloud and use a third party to "sandbox" emails for detonation, should it become necessary, before they hit your Inbox.

  • Use a web filter to make sure no device on your network can reach a site that could compromise your network; set up the filter at the DNS level.

  • Backups, backups and more backups! Always have three backups because you never know what is going to hit you and where. Keep one copy on your server, another somewhere on your network like an external drive, and one in the cloud.
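The DNS-level web filter recommended above comes down to a per-lookup decision against a blacklist or a whitelist. The following is an added example, not code from the original article or from any filtering product: it shows blacklist mode for office PCs and whitelist-only mode for POS terminals. The domain names are constructed, and letting a whitelist entry override a blacklist entry is an assumption of this sketch.

```python
def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def matches(name, rule):
    """True if `name` is `rule` itself or a subdomain of it (label-boundary match)."""
    name, rule = normalize(name), normalize(rule)
    return name == rule or name.endswith("." + rule)


class DnsFilter:
    def __init__(self, blacklist=(), whitelist=(), default_allow=True):
        self.blacklist = [normalize(r) for r in blacklist]
        self.whitelist = [normalize(r) for r in whitelist]
        self.default_allow = default_allow

    def decide(self, query_name):
        """Return (verdict, matching_rule). Assumption: whitelist beats blacklist."""
        for rule in self.whitelist:
            if matches(query_name, rule):
                return "allow", rule
        for rule in self.blacklist:
            if matches(query_name, rule):
                return "block", rule
        return ("allow" if self.default_allow else "block"), None


def blocked_queries(dns_filter, queries):
    """Return the queried names the filter would refuse to resolve."""
    return [q for q in queries if dns_filter.decide(q)[0] == "block"]


# Constructed policies: office PCs use a blacklist, POS terminals a strict whitelist.
OFFICE_FILTER = DnsFilter(blacklist=["malware-host.example", "phish.test"])
POS_FILTER = DnsFilter(
    whitelist=["payments.example", "updates.pos-vendor.example"],
    default_allow=False,
)

if __name__ == "__main__":
    sample = ["cdn.malware-host.example.", "notmalware-host.example",
              "api.payments.example", "news.example"]
    print("office blocks:", blocked_queries(OFFICE_FILTER, sample))
    print("pos blocks:   ", blocked_queries(POS_FILTER, sample))
```
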

     

 

CryptoLocker is a ransomware attack that comes via an email with a bad attachment or through a network device that allows it to settle into one machine in your network. As soon as it comes into your network it has the ability to rapidly and completely destroy your network, your server and your data files. It will encrypt everything you own on your network and hold you hostage until you agree to pay ransom money in bitcoins!

Backups are encrypted files, so even if you get hit by ransomware like crypto, your backups will be safe. They are cheap but will save you.


Amitesh Sinha is a technology consultant based in North America. With over 20 years of experience developing and deploying solutions for retail, Sinha has gained a reputation for home furnishing software solutions, furniture software, POS furniture software, and re-engineering of software with extended features. His company, iConnect offers business technology solutions that integrate with most P.O.S. systems to make them more efficient and user-friendly. For more information about this article or any retail technology question contact Amitesh at 703-471-3964, amitesh@iconnectgroup.com or www.iconnectgroup.com.