6 of the biggest cyber threats facing your customers' data

Do you own a shop on Shopify or Etsy? Or perhaps you run your store primarily through Instagram’s online storefront?


In the last year, 1 in 8 retail businesses have reportedly been victims of a cyber attack. With the shift to online shopping as a result of the COVID-19 pandemic, this has not come as a surprise.


Within only a few months, the pandemic accelerated the shift to ecommerce/online stores by five years, meaning there is now more public and private data stored in the cloud than ever before.


Retailers should now be looking at their cyber security and understanding the risks associated with running an ecommerce store. No retail business is too small to consider cyber security: whether you have 10 customers or 10,000, the information you retain on them is still of huge value to cyber criminals.


It’s important to understand that there are many types of customer data. Global audit and assurance company Deloitte has categorised four different types of customer data. They are:

  • Account: Personal and transactional data, such as name and address

  • Location: Physical location through mobile phone location, and virtual location through IP address

  • Browsing: Browsing habits, including what, when and where

  • Profile: Data from third parties, such as demographics and social media


Stay with us and we will explain 7 things you can do to protect this data and, in turn, better protect your business.

Secure your data, secure your budget

Whilst cyber security might not be something you have budgeted for, it is something that certainly should be. With 39% of businesses falling victim to a cyber-attack, it is important that as a retailer you have a robust budget, or you risk losing much more if your business is hit by cyber criminals.


It’s sensitive for a reason

Information and data that is moved from one system or device to another is open to retail security threats. If you are transporting data, make sure the data is encrypted so it has extra protection when travelling and can only be accessed with a decryption key. Customer data is sensitive and should therefore always be transported in an encrypted environment.

*Data encryption translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it.


Don’t avoid the physical risks

Within retail stores there are many physical assets that can increase the risk of a cyber-attack. If you have a self-scanner, till or computer within your premises, then you need to consider the risk these pose. Any till or point-of-sale system should be regularly scanned with anti-malware software, and you should keep this point-of-sale system on a different network to all other computer devices. You can read more on the risk of point of sale in our blog.


Your employees can be your biggest asset and risk

A recent report by a global technology company has revealed that 65% of security incidents are a result of employee negligence, so training your employees on the basics of good cyber security is key. The turnover of employees in the retail sector is understandably higher than in other industries, and high numbers of part-time and seasonal employees often mean they miss out on any cyber security training. However, adding this to the onboarding process of all employees would be a simple way to ensure everyone has had the relevant training.


Boost your security with malware protection

To help your business defend itself against cyber-attacks, it’s essential that you have malware protection installed on your devices or devices that use your networks, and that the software is regularly updated.

Be aware of how much time your employees use their devices in your retail store and reduce this as much as possible; this will help to minimise the risks posed by their own poor cyber security hygiene.


Don’t pass the password

IT software provider SecureLink reported that 81% of malicious breaches start with compromised passwords, so don’t underestimate the importance of password hygiene. If your employees are using weak passwords to access your systems and these are harvested in a breach elsewhere, cyber criminals then have access to your systems.

Follow the National Cyber Security Centre’s Cyber Aware password best practices to help strengthen passwords:

· Use a strong and separate password for your email. If a hacker gets into your email, they could reset your other account passwords and access information you have saved about yourself or your business. Your email password should be strong and different to all your other passwords.

· Create strong passwords using three random words - when you use different passwords for your important accounts, it can be hard to remember them all.

· Do not use words that can be guessed (like your pet’s name). You can include numbers and symbols if you need to. For example, “RedPantsTree4!”

· Saving your passwords in your web browser will help you manage them and can protect you against some cybercrime, such as fake websites.


Interested in receiving more guidance like this?

The South East Cyber Resilience Centre is here to steer you in the right direction for your cyber security needs. Through FREE core membership you can receive all the latest cyber updates, hints and tips, and more. We also have a variety of in-depth payable services that will highlight any vulnerabilities and recommendations for fixes. Join today for peace of mind.



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.