By Bill DeLisi, GOFBA
The world is relying on both e-commerce and brick-and-mortar retail during the COVID-19 crisis. Quarantined consumers are curating their weekly grocery orders online while others are shopping online for the first time. Additionally, supermarkets and online stores are experiencing supply shortages of household goods as a result of coronavirus panic-buying. With so much at stake for retail organizations and the public that relies on them, these companies need to do everything in their power to ensure smooth operations. Part of maintaining a seamless retail supply chain is keeping corporate data secure from criminal elements that are flourishing during this pandemic. Here are three ways retailers can safeguard their data right now.
1. Beware Of Phishing Schemes
Phishing schemes typically increase in frequency during emergencies. For example, after a hurricane there are emails pretending to come from Federal Emergency Management Agency (FEMA) or insurance adjusters with offers to process claims quickly. Unfortunately, the worst of human behavior presents itself with scammers using the COVID-19 pandemic to prey on people’s fears. Here are some examples of the types of coronavirus-related phishing emails going around:
- Emails that promote an “urgent coronavirus cure” or other potential breakthrough or sensational news item
- Messages that claim a person’s electricity will be shut off during quarantine if they don’t make a payment
- The offered sale of fake COVID-19 testing kits or medicines purported to help ward off the disease
- Fake alerts from the CDC which has the look and feel of official messages, and offers fake lists of virus cases “around your city”
- Hackers present emails offering a COVID-19 tracking app that’s supposed to provide real-time updates
Besides being morally repugnant, these phishing emails are designed to act as malware that can infect single computers and entire networks. Once infected, the malware provides the hackers an opportunity to steal corporate data such as customer credit card numbers, or to hold the entire company’s data ransom.
2. Reduce Security Risks For Remote Workers
While of course, traditional grocery stores need workers and managers in place, many corporate staff have shifted to in-home remote working. And e-commerce workers are also shifting away from a headquarters model by moving marketing, sales, management, and other non-warehouse roles to remote work.
The sheer scale of remote work means many employees must use their own devices to access company data. Put in place Bring Your Own Device (BYOD) policies that set standards for minimum data encryption and passwords, what types of data will be kept away from BYOD users, and inactivity timeout controls to cut off access during idle times. IT should also be able to remotely wipe company access from devices if the device is lost or the employee is fired or quits.
In addition to meeting the challenges of BYOD, retail firms managing remote and in-person workers should also put in place other cybersecurity safeguards, such as:
- Implement multi-factor authentication (MFA) to require two types of identification and limit the chances of bad actors accessing at-home networks
- Encourage employees to stay off public Wi-Fi networks
- Put in place monitoring tools to spot suspicious activity, such as an alert when a user clicks a link to a suspected bad site
- Use safe search platforms such as GOFBA that provide users with a shield from many malicious sites
3. Arm Employees With Information
Retail firms must address these issues head-on for every employee that uses the company network or connected device. For phishing schemes, it’s imperative to train employees about how to spot fraudulent emails and remind them they can always delete messages. The key point is for employees to not click on any links within a phishing email, as that’s the malware gateway. Tell them it’s okay to go to reputable online news sources to check any information they receive via email. Give employees some context about how organizations such as the World Health Organization (WHO) and Centers for Disease Control and Prevention (CDC) typically communicate (it’s not to work emails) so they gain a better frame of reference for spotting fraud.
Beyond phishing schemes, corporate IT can take several other steps to protect employees and the company:
- Ensure remote workers access company data only through approved means such as virtual private networks (VPNs). Mandate training for doing this access correctly.
- Put in place automatic updating for all the approved programs remote workers use throughout the day. Relying on manual updates will leave gaps when it comes to patches and other security fixes. Coronavirus scams that introduce malware can be stopped if all security patches are in place.
- IT should set up frequent communications to employees to remind them of best practices, new cybersecurity tech implementations, and other proactive measures. This should include examples of the latest coronavirus-related scams.
Retail organizations carry a heavy burden during the crisis, and, unfortunately, they need to worry about scammers during this time. Through proper training and the right technology, retail firms can protect their mission-critical data and come out of the pandemic stronger than ever.
About The Author
Bill DeLisi is one of the world’s most authoritative experts on cybersecurity. He is currently the Chief Executive Officer, Chief Technology Officer and a founding member of the Board of Directors for GOFBA, Inc. DeLisi has more than 30 years of experience in the computer industry, including holding the position of Chief Technology Officer at several companies. He has worked closely with Microsoft Gold Certified Partners, helping pioneer “cloud” computing and creating security infrastructures that are still in use today. DeLisi is responsible for the development of proprietary technology that serves as the backbone of GOFBA’s platform and has over 30 certifications with Microsoft, Cisco, Apple, and others, which includes the coveted Systems Engineer with Advanced Security certification, as well as expert status in Cloud Design and Implementation.