Recently, Fred and I were dining with a friend and she
told us an interesting story about a small retailer that focused on home delivery of organic and natural foods. Unfortunately, the
business closed its operations. After the business closed, they discovered that
their technology infrastructure was compromised and customer credit card
information may have been stolen. Our conversation continued in the direction
of small start-up businesses and the security challenges retail food
vendors face in the future.
Several security tasks can greatly improve your security posture. For small retailers, we felt it was important to convey the following:
Secure your I/T assets physically
Small vendors often do not lock or otherwise physically
secure their computers or cash registers. IT infrastructure should be locked in
an office during normal business hours. For more mobile devices (such as
laptops and cash registers), physical protection like cable locks should be
implemented.
Secure your networked I/T assets
If your computers or point of sale devices are
connected to a DSL line or other internet connection, understand the security
concerns around placing devices on internet lines. Antivirus and firewalls are
the very basic items that should be in place.
Understand your data repositories
What data do you store about your business? Do
you know where that resides? Do you need all of that data to perform your
day-to-day business? Ask these questions about the data you collect for your business. The answers may surprise you. If you don't
need the data, get rid of it.
Here are some additional security measures that
can greatly improve your security posture:
- Change vendor-supplied default passwords and parameters (for example, on wireless routers)
- Encrypt communications that contain sensitive information (credit card information, personal information)
- Limit access to your network, especially through wireless access points and routers
- Restrict access to sensitive data on a need-to-know basis
- Restrict access to sensitive physical data (shred sensitive information, don't leave passwords in the open, keep customer information in a locked location)
Many simple tasks can be performed that greatly improve the security posture of your business. Implementing secure business practices in retail is exceedingly important given the access to large sums of cash and customer data. Addressing these areas early will allow you to focus more on your core business as it grows.