Sports Direct was hit by hackers in a very public way in 2016 – but it could happen to any retailer. And one of the biggest soft spots for hackers is staff mobile devices. G-J Schenk, VP International at Lookout highlights the threat and offers some advice on how to minimise its impact
Cyber threats are a risk vector that every retailer should be paying attention to, or take the chance of losing more than just revenue. Take Sports Direct for example, just last year it suffered a security breach that saw the personal details of 30,000 employees stolen. The consequences of this event are still unfolding, quite publicly.
The truth of the matter is that an attack like this can have a significant impact on a retailer, its employees and can ultimately change how customers perceive the brand. Retailers must tighten their security measures to prevent this happening, especially as hackers become more sophisticated in their approach.
One of the easiest routes into a business is through an employee’s mobile device. Today, mobiles have more access rights and knowledge about us than your standard PC, yet they usually have none of the protection or antivirus technology that comes as standard on desktops or laptops. Hackers are aware that these handheld devices are an easy target and will exploit it if they wish.
However, it’s not all doom and gloom, as retailers can take action to mitigate against these attacks.
Avoid turning a blind eye
The first step is admitting that the cyber threat landscape poses a risk — and focusing on the fact that the risk is growing. The recent hack of Sports Direct, is just the tip of the iceberg. Hackers have the ability to crash an entire e-commerce website or app, and with British mobile phone users predicted to spend £27 billion on online shopping from their mobile device, we can only begin to imagine the catastrophic impact this could have on profits.
The issue we face as humans is that we’re terrible at measuring risk, often adopting an ‘it will never happen to me’ mentality and this can spill over into how we manage businesses.
All too often, enterprises turn a blind eye to the risks and leave themselves vulnerable.
Act now, not later
For retailers specifically, just understanding that the cyber threat landscape exists, is not enough to prevent an attack; real actions must be taken to protect the enterprise from the ground up. It is not just the CEO or owner of the company that the risk relates to – it is all employees that have a mobile phone that have the potential to provide a route in for hackers.
The fact is, 74% of security leaders said they faced a breach as a result of a mobile security issue.
A recent Lookout report also revealed that there were as many as 28 serious mobile threat encounters per 1,000 devices per year in the retail industry, and revealed that mobile devices connecting to corporate networks of major retailers had significant exposure to app-based threats.
It only takes one click of an infected hyperlink or message and hackers can get instant access to everything that is stored on a mobile phone – you may as well have handed your phone and passwords over to them. Now consider how much data mobile devices holds — from cameras and location tracking to microphones — which mean they can become the ultimate surveillance tool and the biggest threat to your business.
This should be a cause for concern, especially as these handheld devices are often used to access corporate data, on the go. If your employees are retrieving company information on their unprotected device, or attempting to connect to unprotected WiFi networks, hackers can use these weakness to infiltrate the device and possibly steal invaluable information about sales strategies.
Treat mobiles like you do your PCs
Protecting mobiles in the same way as an enterprise would treat its corporate networks, PCs and laptops is one of the first key steps to avoiding these cyber attacks. Regardless of the position within the business, from HR, to sales, to execs — all mobiles need to be protected to prevent access from hackers.
It’s imperative that retailers invest in the appropriate mobile security solutions and educate employees on the risks of using their mobiles for business purposes. This year could be the most profitable year yet for your business, with mobile spending expected to boom, don’t let your greatest strength also be your weakest link.
