Wherever you go today, whether Starbucks or Taco-Bell, screens are in — touchscreens, that is. More than likely your fingers will interact with a digital device at some point, whether swiping a tablet to pay a bill or signing a receipt, or else ordering your favorite espresso at a kiosk.
And thanks to the flurry of new cashierless checkout technologies like Amazon Go, waiting in a grocery store checkout line like it’s 1976 will soon be a thing of the past. Just scan your smartphone to enter the store and you’re good to go.
But while all of this new technology is a great thing, it also creates plenty of corporate challenges. Unfortunately, one of the tradeoffs has been a sharp rise in hacking and cyber attacks in recent years. Retailers today are more vulnerable than ever to phishing, malware and other infiltrations that can steal millions of financial records in no time.
That’s why it is more incumbent on you than ever to pay attention to your customer endpoints in a secure, seamless way that boosts customer confidence and prevents disasters like data breaches and lost financial information.
Below are five best practices, lessons learned, and security tips that will help ensure your retail management and security strategy is “scan and go” ready.
U.S. enterprises suffer data losses
The two major focus areas that often are not stressed enough by enterprises are device management and security. Let’s face it, everyone likes all the new shiny objects, but getting down to brass tacks about securing the devices isn’t always as popular. A recent report by technology advisory firm IDC says that greater than 40% of U.S. enterprises say they’ve had a data-loss episode in the last 12-18 months.
To survive in today’s high-stakes retail race means providing your customers with a device-management fleet solution that delivers seamless, secure and elegant customer experiences. Device security is more important than ever. Providing it will save countless headaches and protect your corporate assets, not to mention save your company millions of dollars in legal fees.
Retail hackers get more aggressive
It seems like every time we turn around today, we’re hearing about another major data breach. In fact, some of the most popular companies have been the targets of hackers in recent years. Chipotle, Equifax and Uber were attacked in 2017. And Chili’s, the well-known food chain, believes that in the spring of 2018 malware was used in its restaurant payment systems to gather credit and debit card information.
The message should be clear — if major corporations fall victim to major data breaches, then no one is immune. Retail devices such as digital tablets, POS devices and kiosks are especially vulnerable, as they are the conduit for millions of shoppers’ names, addresses, emails, credit cards, passwords or other personal and financial information.
Who can forget the Target Corp. data breach of 2013? That debacle ended in the theft of 40 million card numbers and 70 million personal records. The breach started after a third-party vendor was attacked through a phishing virus. Since the vendor had access to Target’s Ariba external billing system, and since Target had poor network segmentation, the hackers were easily able to gain unlawful entry to Target’s entire system.
How good is your security?
Let’s face it, the likelihood exists that any honest enterprise is not going to be completely satisfied with its current state of security and device management. But the honest truth is that retailers need to manage and secure their device fleet to achieve full operational efficiency, protect assets and preserve peace of mind. Today, it goes without saying that that every bit of hardware and software in retail devices must be fully compliant with the most stringent security measures.
5 device-security tips
To ensure that your device fleet (kiosks, smartphones, POS, etc.) is fully protected and compliant against cyber attacks or malware, the following steps should be taken into account by any serious enterprise today.
1. Ensure all device software is from a known and trusted source. Regular compliance checks and updates are critical for ensuring that all software is free of malicious code or malware that can infiltrate the enterprise infrastructure.
2. Use encrypted manufacturing protocols. Any type of unsecured manufacturing process is going to create another entry point for criminals to introduce unauthorized code into production runs. Therefore, ensuring strict protocols starts with hardware-security modules and other digital certificates to ensure full code authenticity.
3. Use secure code signing. Code signing is a critical part of affirming the efficacy of your source code and scripts. Make sure that it comes with the use of a cryptographic hash to validate authenticity and integrity.
4. Use secure boot to secure a chain of trust. Secure boot is designed to protect your devices against malicious code by ensuring only authenticated software runs on it. Secure boot goes hand in hand with chain of trust and is an integral part of any data-management and security strategy.
5. Use encryption-key management. By including encryption-key management with other data-protection measures, companies will be able to manage the primary steps involved with protecting, storing and backing up their mobile device fleet.
To address these needs, developers building applications for dedicated devices should seek a platform that will allow them to efficiently and securely create, deploy and manage dedicated devices at scale.
Developers need an API-centric, language-neutral approach that will allow them to tackle the big challenges of dedicated device development such as identifying, debugging and resolving issues with their apps and devices in the field.
By following these five steps, retailers will be better prepared to use today’s “scan and go” technology without incurring the risk of a costly data breach.
Copyright Networld Media Group DBA Networld Alliance, LLC May 29, 2019. This article was written by Shiv Sundar from Kiosk Marketplace. News Features and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.
