As online and mobile shopping continues to gain in popularity, identity thieves have more opportunities than ever to steal sensitive financial information from unsuspecting consumers. Customers expect retailers to take extra steps to keep their data safe, but with record-setting data breaches constantly in the news, it’s no surprise that nearly half of respondents to Generali Global Assistance’s recent Cyber Barometer indicated that companies are not doing enough to protect their personal information.
Customers are right to be concerned. Online shopping has caused an increased level of consumer data that’s ripe for the taking, and it seems as though every day another major company is falling victim to a cyberattack. These attacks are having a real impact on consumer sentiment and trust. For example, a Generali Global Assistance survey conducted around the holiday shopping season found that 83% of consumers felt uncomfortable making a purchase at a retailer that experienced a data breach in the past.
Though we are seeing some retailers take action by heightening their defenses, the same survey found that 48% of shoppers still feel unsure about whether businesses are doing enough to protect their data. This is reinforced by the fact that 55% of American shoppers said they would feel more confident that a business is actively trying to protect their data if they offered identity protection services.
As customer-facing businesses, retailers should always put the safety of their customers’ sensitive data first, and if they take proactive steps to protect sensitive data, they can ease consumer anxiety.
Accounting For Human Error
Many organizations understand that they need to have sufficient technology in place to combat cyberattacks; however, one of the most commonly overlooked risks to a company is human error. This can encompass anything from an employee misplacing a company laptop; sending confidential data to an unsecured home system; or an employee falling victim to a phishing email. Retailers can build a culture of cybersecurity amongst their employees by holding educational lunches, posting relevant tips around the store and office and conducting cybersecurity tests on an ongoing basis.
Also, employees who carry devices connected to company systems should be wary about connecting them to new and unsecured networks, and retailers should establish clear protocols for using work devices outside the office.
Countering A Disgruntled Employee
Another potential threat for retailers is disgruntled employees looking to get back at their former employer by either taking or leaking sensitive customer data. Situations like this can be especially damaging for employers, since almost 60% of all cybersecurity attacks on companies are carried out by insiders. This should be an alarming statistic for any retailer, as retail employees are often the ones dealing directly with customers and their data. All it takes is one disgruntled employee to cause a breach, which can have a longstanding impact on the confidence consumers have in that retailer.
To help avoid issues with disgruntled employees, one simple solution retailers can take is to update passwords regularly, especially when a high-ranking employee with access to important systems leaves the organization.
Preventing Identity Theft
Identity thieves who are able to gain access to employee credentials may pose an even bigger threat than attacks carried out by insiders. While an identity thief getting hold of an employee’s data isn’t the same as a massive breach of consumer data, if the right employee is targeted, the identity thief can gain access to more information than they could ever get from outside the organization.
Training employees to spot suspicious messages and making sure there are monitoring services in place in the event of a breach are important steps all retailers should take if they hope to uphold their customers’ trust.
In addition to putting some of protocols outlined above in place, there are also some proactive steps retailers can take themselves. One method is gauging how data is collected at each touch point. Being a good custodian of data means having proper collection, handling, tracking and sharing protocols. As a retailer, it’s important to understand how you are taking in data and to evaluate your intake forms and assess how that data is stored.
Of course, the biggest piece of advice for retailers is to educate themselves on the potential scams and methods identity thieves employ when trying to steal data — as understanding the risks is often the first step in preventing them.
While shopping is usually a pleasant experience, it is not without risks. Reducing the risks that come with identity theft requires a proactive approach from retailers, which can help their customers avoid one of those dreaded calls to their bank or credit card provider.
Paige Schaffer is President & COO of the Identity and Digital Protection Services Global Unit for Generali Global Assistance. Schaffer leads sales and marketing strategy and revenue growth initiatives, managing operations as well as global expansion. She began her tenure with Generali Global Assistance in 2007 and led North America Operations for both the emergent Travel Assistance business and the Medical Claims division, working with insurers, medical providers and government contractors. Schaffer is a thought leader on identity theft protection, prevention and victimization.