6 Tips to Avoid Overlooked Retail Vulnerabilities

When it comes to security, employees can be a retailer’s best asset or biggest liability. While a store might have the latest version of security software installed and be relatively tech savvy, that isn’t enough: According to the National Security Institute, three-quarters of breaches are caused by a store’s own employees.

The solution? Comprehensive training that touches upon overlooked areas that could make your business a target for hackers. The truth is, most employees don’t intend to put their employers at risk—they simply aren’t aware of what they should and shouldn’t do.

Here are six things you can do to decrease the odds of internal security vulnerabilities:

1. Limit Wi-Fi Access

Hiding your Wi-Fi network from view is only the first step. While it’s tempting to give the password away to all employees, resist that urge unless it’s absolutely necessary for business operations. If a sales associate happens to visit an infected website, they could put your network at risk. It’s also important to choose a password that’s difficult for criminals to guess—try a mix of letters, numbers and symbols, and steer clear of your company name, employees’ names or anything generic (ahem, “password123”).

2. Keep Work and Personal Devices Separate

The more mobile we become, the more we’re at risk for a device—or the information it holds—ending up in the wrong hands. To avoid this, stress that employees shouldn’t check email or social media accounts on company laptops, tablets or phones, especially if these are also used to process payments. The same goes for personal devices: Don’t allow employees to perform any business-related operations on personal computers or smartphones. All it takes is one transfer of sensitive information to an employee’s home laptop for things to get out of hand.

3. Don’t Allow “Backroom” Technology onto the Sales Floor

Employers should also emphasize that every business-related device has its place (physically speaking). For example, employees should never bring a computer that stores credit card numbers, staff social security numbers or other personal information onto the sales floor. Unless a device is used as a payment terminal or to enhance the customer experience in some way (think iPads for checking inventory), it should stay behind closed doors.

4. Limit Software Installation Access

Even those devices kept in the backroom of a store can result in vulnerabilities. While it may seem more efficient to grant every store manager access to install and upgrade security programs, manage customer information or access paycheck information, this strategy could cost you. Instead, grant only trusted management employees (who have ideally been with the company for some time) the ability to manage these processes. That way, if a breach does happen, its root cause will be easier to trace and, ultimately, solve.

5. Make Sure Employees Understand the Latest Payment Technologies

Sales associates have a role in keeping your business safe while they’re processing customer transactions, too. Mobile payments and EMV chip cards only create a more secure retail experience if customers use them. Make sure employees are prepared to answer common customer questions about each and to guide customers through the payment process.

6. Repeat Trainings as Needed

Even the most diligent employees can benefit from a security refresher from time to time. In addition to going over the training points above with each new staff member, businesses should also schedule yearly or twice-yearly reviews to answer any questions and update all staff members on the security implications of any new technology that has been added to the store’s fleet.

While internal security vulnerabilities are often unintentional, they can be incredibly detrimental—especially when not caught early on. By taking the above steps and maintaining an open and ongoing conversation around security, you’ll put up a strong defense against common behaviors that could threaten your reputation and put your customers’ information at risk.

