Christos Kalantzis, senior vice president of technology at SecurityScorecard, explains why retailers striving to protect customer digital safety and brand reputation should not try to do it all or on their own.
July 20, 2020 by Christos Kalantzis
Most retailers have been adopting or expanding their e-commerce story for the last decade. Historically, the main drivers have been the opportunity to increase their customer base and the need to adapt to the market's changing purchasing habits.
However, with the spread of COVID-19, nearly all brick and mortar stores have shuttered for months at a time, amplifying the need for retailers to further adopt e-commerce, not just as a revenue supplement, but to survive in a changed world.
Retailers are scrambling to increase their online footprint and adjust to new shopping habits, especially with the possibility of a second virus wave. This scramble can lead to corner-cutting in their infrastructure; hackers are hoping and counting on that.
Securing customer data is not easy. Data needs to be encrypted in-flight (on-the-wire) and when stored (at-rest). The systems that process and store those transactions have to be kept up to date, as new vulnerabilities are continuously being discovered. Backups need to be taken on a regular basis, tested, and copied offsite. Compliance measures (such as PCI) need to be attained to ensure that best practices are being adhered to when processing credit card transactions. Those are just a few of the security considerations when running your own e-commerce website.
If you're not a security expert, do not try to do it yourself. In the tech industry, there is a term called "undifferentiated heavy lifting" that is used to describe work that doesn't help you or your company achieve goals, no matter how well you might do it. It does not differentiate you from your competitors.
A retailer's business is to identify a market it wants to sell to, choose the appropriate products for that market, and build its brand by providing the best service possible to that market. It does not do a retailer much good to build its own e-commerce site if it can use another platform with the same results. Otherwise, it will end up forced to build out the engineering and IT arms of the organization too early on, taking away resources that should be supporting the initial revenue goals and retail initiatives.
E-commerce is mostly a solved problem. There are plenty of platforms out there for retailers to begin dipping their toes into: eBay, Amazon, Etsy, Walmart and many others allow third party retailers to list products on their platforms. If more customization is needed, platforms like Shopify provide that service rather seamlessly. For more unique or niche needs, many boutique e-commerce platforms exist to help provide that guidance.
Although each platform differs in its approach, one thing they all have in common is a team of accredited IT professionals and security experts who are working diligently to secure your customers' data. They also offer credit card processing so you can focus on building your business rather than on complex details that will likely take away from larger goals.
When using third party vendors, make sure you have a monitoring system in place that will alert you to any known cybersecurity vulnerabilities that already exist or may pop up while you are engaged with them. The more visibility you have into the security posture of all partners, the better off you will be.
If you're at the point in your corporate journey when you're ready to build out these initiatives in house, make sure you're hiring experts with security backgrounds, not just retail experience. A few steps you can take to secure customer data are:
● Be aware of the data you've collected. The first step to protecting data is to know what you're in possession of. Only then can you make the appropriate decisions on how best to secure it, both from a customer and legal standpoint.
● Keep what you need and delete what you don't. It's tempting to hoard data in case you one day may find a use for it. In reality, you're just increasing the blast radius of a po in the case of something going wrong.
● Secure that data. Encryption technologies and processes are evolving at an exponentially rapid rate. Organizations that haven't reviewed and, if necessary, updated their encryption practices are often more vulnerable to attacks.
● Limit access to customer data. Many leaks originate unintentionally from within. Limiting access to data reduces the opportunities for hackers to strike at a weak point.
● Hire a dedicated IT security expert, CISO, or vCISO. An experienced team lead is the first step, but building out the teams is equally important. It's important to hire experts in securing systems as well as experts who know what to secure.
The last few months have been a challenging time for everyone, and many retailers have seen their business model upended. In order to protect customers' digital safety as well as brand reputation, do not make the mistake of trying to go it alone at e-commerce. Whether using a third-party platform or building your own, let experts provide the security platform and guidance you need, so you can do what you do best — sell.
Christos Kalantzis is senior vice president of technology at SecurityScorecard.