Bunnings announced this week that a number of Drive & Collect customers may have been exposed in a data security breach. A retail security expert gives Power Retail four top tips for avoiding data breaches and protecting customer information.
Drive & Collect customers of the Australian retailer may have had their personal data compromised, as the third-party booking system, FlexBooker, suffered a cyber security breach last year.
In a statement from Bunnings, the retailer explained that the third-party booking platform FlexBooker was left vulnerable by a hacker group named Uawrongteam. The incident occurred in late December 2021 and revealed customers’ names, email addresses and phone numbers.
“On December 23, 2021, starting at 4:05 PM EST, our account on Amazon’s AWS servers was compromised, resulting in our temporary inability to service customer accounts, and preventing customers from accessing their data,” said a spokesperson from FlexBooker. “As part of the incident, our system data storage was also accessed and downloaded. In response to the outage, we worked closely with Amazon to restore a backup and were able to restore operations within 12 hours.”
A report from Sophos has shown that 2020 saw 44 percent of retailers hit with a ransomware attack. What’s more, recovering from such attacks can cost retailers a hefty sum; the average cost in the retail sector was nearly US$2 million.
In the wake of this incident, Leo Lynch, the Vice President, Asia Pacific, Arcserve, has provided a series of tips and tricks for retailers to prevent incidents like this from occurring and protect and recover data.
1. Get the Right Data Storage
“Retailers need to manage and protect a lot of data, from credit card numbers to email addresses to invoice information. The list goes on and on. Having the right data storage solution enables you to protect that critical data, even if you’re a victim of a ransomware attack,” said Lynch.
With this in mind, retailers should look for an ‘immutable data storage solution’ that can safeguard information. This is done by taking snapshots every 90 seconds.
“You can still recover your information even if ransomware does sneak through and your data is overwritten. Because these snapshots are immutable, there will always be a series of recovery points, ensuring that your data will be safe,” he said.
2. Strengthen Your Weakest Link
While firewalls, endpoint protection, email security, etc., are all crucial, it’s also important to have backup and recovery as a part of an overall IT security solution. “And if it’s not done correctly, it will be your weakest link,” said Lynch. “Having a comprehensive backup and recovery plan lets you protect your data if disaster strikes—not just a cyberattack but also basic incidents like a power outage or hardware failure.
“Your backup and recovery plan should include a simulation of business disruption to assess your strategy. It should also include regular testing of your backup images so you can resolve potential issues before they occur.” He explained that retailers with a recovery plan are more likely to escape maximum damage and permanent data loss.
He continued that retailers should ‘hope for the best and prepare for the worst’ when it comes to data protection. “Having a solid plan in place can ensure your business remains at the top of its game during the all-important holiday shopping season,” he explained.
3. Understand that Not All Data is Created Equal
“Data tiering is critical for retailers,” Lynch explained. “The approach involves moving less frequently used data, or less vital data, to lower storage levels for cost, recoverability, and availability. The premise is that not all data is created equal, so it’s essential to have different sets of policies based on how critical the data is and how quickly you need to access or recover it.”
He further explained that while having quarterly results at hand is good, a retailer losing access to that information for a few hours or days during the peak shopping season won’t affect sales.
“However, if your business’ price list is compromised or your delivery addresses are not accessible, it could have an immediate and profound impact on your business,” he said. “That’s why it is important to prioritise your data and understand the value of each piece of data.”
4. Protect Your Data in the Cloud
It’s safe to say that many retailers operate in the Cloud, but they must understand that it is a shared responsibility between the retailer and the Cloud provider. Furthermore, retailers must know that this sharing is not divided entirely equally. “The retailer is primarily responsible for protecting their data in the cloud, not the service provider,” Lynch explained.
“Top-tier providers like Microsoft Azure, Google Cloud Platform, and AWS typically secure the core infrastructure. But when it comes to securing data, that responsibility falls squarely on the shoulders of customers. Retailers who fail to grasp this simple fact are much more likely to suffer a data loss,” he said.
“You should be aware of your responsibility, ensure that you have the proper protections in place, and regularly test your ability to recover from data loss if it happens.”