- Security awareness trainer MediaPro has found retail is the industry segment most vulnerable to cyberattacks, according to Progressive Grocer. Companies in the segment experienced 43% of all phishing attacks during the last six months of 2016.
- According to a MediaPro report, only 29% of retail employees are prepared to deal with cyber threats. This is a major liability, as 84% of shoppers would change their buying habits if their favorite store was hit by a data breach. In addition, 49% said they would be unlikely to continue shopping at the compromised store at all.
- Malware is one of the biggest cyber concerns, with 25% of employees failing to report a slow-running computer — a sign that the system could have been infected. Additionally, 60% of employees choose to discard a potential password hint in an unsecure manner, and 26% of employees thought it was acceptable to use a personal USB drive to transfer work documents when working remotely.
No business is safe from a cyberattack, but grocery and other retailers are particularly at risk as hackers search for consumers' payment information and other private details.
One reason for this vulnerability is the fact that retailers aren't training their employees to look for risks. This kind of training is costly, and with the amount of employee turnover in some stores, a difficult initiative to manage — especially if employees don't have much experience with computers.
Schnucks was the victim of a cyberattack in 2013, and two years later, CVS, Costco, Wal-Mart Canada, Sam's Club, Walgreens, Rite Aid and Tesco all reported possible security breaches at their photo sites. Target was also hit in a well-publicized hack three years ago.
In order to avoid becoming the next retailer hit by a major breach, grocers need to make employee education and updated best practices a priority — a costly challenge and one that is especially hard for small mom-and-pop outlets. According to MediaPro, 8% of retail employees proved to be a risk when it came to correctly identifying phishing email attempts. Less alarming, but still an issue for grocers, is the fact that 16% of employees said they'd take potentially risky actions related to their company on social media, such as posting about a yet-to-be released offering.
The fallout of cyberattacks is often company-wide, affecting stores and consumers across the country, but prevention needs to be implemented on a small-scale in order to ensure safety. It may be unlikely that an individual employee error could hurt company data, but this kind of training can eliminate many small risks that can build up over time. For grocers and other retailers, the upfront cost to try to prevent an attack can hurt, but the long-term financial loss they face from lost business by not preparing can be even more painful.