Retail Security: What The Experts Say About Security Threats for Brick and Mortar Retail

By Paul Perry

New ways to pay. Omnichannel experiences for customers. Rapidly evolving products and services.

Retail technology is on the march. 

So are cybercriminals and corresponding security threats to your business.

More than ever before, retailers are being asked to guarantee consumer privacy and protect business information while expanding into the digital space in ways that make doing those things even harder.

Every time we turn on the news, we hear about new data breaches that shake consumers’ trust when it comes to retail transactions. If retailers want to keep customers happy (and buying), they’ll need to deliver security and convenience even as the technological landscape in retail shifts.

Don’t think for a second that brick and mortar retailers are exempt from the security challenges that come with digital transformation. 

There is a lot of overlap between what online sellers and brick and mortar retailers are facing when it comes to security in retail tech. Let’s dive into some of the specific security threats out there right now.

Lockdown your digital footprint as a brick and mortar retailer

Even if you’ve got a storefront, customers often learn about you online first.

Consider it your first impression.

Whether it’s your business’s social media presence or your own website, securing it is paramount. There’s nothing for a business than losing a sale or scaring away customers who are deterred by the digital face of your brick and mortar business.

Bob Buffone, CTO at YOTTAA and an ecommerce expert, stresses the importance of combating threats to retailers’ websites. Whether it’s bots, DDoS, or other forms of attack, Buffone notes that such threats decrease conversions and negatively impact the overall shopper experience.

Lots of brick and mortar retailers don’t have full visibility and control over the traffic that comes to their sites, which can cause significant problems. Buffone estimates that bad bots can make up 30% of traffic on a retailer’s website, a rather remarkable figure. These bots draw significant resources away from legitimate visitors and can slow or block website experiences.

The big lesson for brick and mortar retailers: adopt an omnichannel approach to security.

Your teams should be working cross-functionally to monitor site traffic, block attacks, and ensure visibility into your traffic as a key step towards securing the digital aspects of the business. Such an integrated approach recognizes that the silos between brick and mortar and online retail are shifting (take Buy Online Pickup-In-Store or BOPIS, for example) as retailers take note and adapt.

Work with trusted third-party services

It’s all about securing customer data these days.

One slip-up and your company’s reputation could be tarnished for the long term. To make matters worse, some of these breaches come as a result of working with third-party providers who haven’t secured their side of things.

Chelsea Brown, a certified cybersecurity consultant, notes that for many companies, these third-party services and software are a major concern when it comes to potential breach points. Brown points to employee education as a critical component for preventing and dealing with security threats in retail tech. She also shared that tools such as better encryption protocols, paper backups, and secure software help as well.

These strategies aren’t just for digital retailers. They work well on both sides of the screen.

For example, brick and mortar retailers in particular benefit from working with third-party payment services such as Stripe and PayPal to protect against phishing scams and spam that allows bad actors to access customer accounts.

Connect with connected devices, securely

Smart devices can pave the way for lots of not-so-smart security flaws.

For brick and mortar retailers, customers now connect with your products and services in-store and beyond using these devices.

Raullen Chai, CEO of IoTeX, shared a few of the ways in which today’s smart devices are often not built with adequate security features. He noted a considerable gap between security and privacy that has yet to be bridged. This brings with it lots of uncertainty for retailers doing business with customers through those devices.

While these devices can bring many benefits to brick and mortar retail (electronic locks, anti-theft tags, video cameras, etc.), they also bring new threats. Consumer data is highly vulnerable and controls to devices can be hacked. 

Chai suggests that retailers look towards producing and working with devices that incorporate privacy by design. His big push is for an Internet of Trusted Things that ensures devices can be trusted to not leak data, respect our privacy, and work for us. If the changing cybersecurity landscape in the US and Europe (such as GDPR) is any indication, things are beginning to move in that direction.

As developers of IoT devices incorporate more secure hardware into products and companies adopt trusted technologies like blockchain, it’s easy to see the trend towards greater security in connected devices emerging. Linking secure hardware and blockchain is the key to end-to-end security, according to Chai.

Defend against bad actors

While lots of security breaches are unintentional, many are intentional.

Cybercriminals and other malicious actors put both customers and retailers in real danger. For brick and mortar retailers, it’s all about securing your digital infrastructure. Don’t leave easy entry points (the cloud, customer channels, third-party partners, etc.) for these bad actors into your business.

Oleg Mogilevskii, Market and Research Analyst with CyberInt, warns against the reputational damage stemming from cyber attacks that can cause business disruption, revenue loss, and turnover. Retailers should strive to stay as sophisticated as those seeking to infiltrate their businesses.

How exactly are cybercriminals having a negative impact on retailers?

They are buying and selling assets for fraudulent purposes (think promo codes and vouchers), infiltrating point-of-sale environments, stealing money outright, and even selling customer data on the dark web. These criminals are gaining access to compromised data over time (called “low-and-slow” attacks) which can make detection more difficult.

Mogilevskii offers retailers a few pointers for maintaining secure retail tech environments:

• Assess and monitor potential risks from third-parties
• Develop tools to address threats in all areas of the business
• Ensure visibility into the company’s digital footprint and potential attack landscape
• Hire cyber experts to grow your team’s capacity to defend against incursions

While cybercrime in retail is spreading, it’s not impossible to address. Education and preparation are critical for retailers to keep their business assets and customer data secure.

What modern security means for brick and mortar retail today

Retailers have a full plate when it comes to modern security for their businesses.

At the highest level, getting more educated and sophisticated about the threats out there is the starting point. The next step beyond that is creating proactive plans to address security threats before they become security breakdowns.

Whether it’s deploying a secure website or social media presence and working with third-party providers that “get it” when it comes to security or building up defenses against cybercrime while linking your brick and mortar businesses to secure connected devices, there is a great deal that retailers can do to maintain the trust of customers and their bottom lines.

With the right security plans and tools in place, retailers can really thrive in the modern retail landscape.

Paul Perry is a freelance writer for Boomtown, a product support platform  that helps organizations reduce the complexity of selling, activating, and servicing technology products used by real world businesses. He writes on topics ranging from business management and technology to retail and ecommerce trends.