Post-Breach Survival Guide for Retailers
While continued security breaches may be making fewer headlines now than in December, their impact is ongoing, especially for retailers who need to take action – unless they want to be the next to face a crisis.
In other words, it’s time to be proactive.
Changes are coming to the transaction industry, most notably the adoption of the EMV chip card in the United States in late 2015. So-called “chip and PIN” is expected to be a significant upgrade over the magnetic strips now in use. But waiting for chip and PIN and relying on maintaining compliance with Payment Card Industry (PCI) standards simply isn’t enough – they should be only one part of a retailer’s security program.
Here are some things every retailer should consider:
- Conduct an individual risk assessment. These programs must be straightforward and monitored by third-party auditing and testing. Security is not the place to try to save a few dollars; it has to be a priority. Data protection must be viewed as the equivalent of medical insurance.
Research firm Gartner recently noted that retailers devote just 4 percent of their technology budgets to security, while banks spent 5.5 percent and healthcare firms spend 5.6 percent. Four percent simply isn’t enough.
That said, IDC Retail Insights expects U.S. retailers to spend $720 million on security in 2014, an increase of 5.7 percent from last year, in part because of well-publicized breaches.
- Be prepared in advance. Designate an internal breach response team and empower them to take immediate action. That team should include legal counsel, public relations representatives, senior managers and risk officers.
- Don’t assume a breach can’t happen to you. Always be on the lookout for ways to make your business more secure. Hackers never rest, and neither should your security.
- Collaborate with others. You may not want to share tips with your competitors, but hackers are everyone’s competition. Collaborating on best practices is a surefire way to increase security within the industry.
- Respond quickly and publicly to problems. If bad news happens, let the public know right away. When things fester – just ask Bill Clinton and Richard Nixon – problems get worse. More importantly, you run the risk of letting someone other than the company control the discussion. Being proactive is typically looked upon favorably. And never ignore the media.
- Don’t play the blame game. You may be a victim, but don’t come across as one. Take ownership of the problem and let people know what you’re doing to put everything right.
- Talk to your customers and rebuild trust. The loyalty of your customers is paramount. Many are willing to be forgiving, so make them feel important. Be humble, offer rewards for customer loyalty and take steps to correct any difficulties they face.
All these tips come down to one thing – being proactive and facing the problem head on. Literally, it’s a matter of dollars and sense.