As more businesses grew their sales online during the COVID-19 pandemic, something more sinister was also growing — ecommerce fraud. For mid- and large-sized U.S. retailers, the average volume of successful monthly fraud attacks increased dramatically in 2020. In fact, fraud increased between 43% – 48% when compared to 2019.
And it doesn’t seem to be slowing down any time soon. Part of the reason cybercriminals target retailers — both brick-and-mortar and e-commerce — is that they handle and store a wide range of sensitive information about their customers, from names and birthdates to payment card information.
Retailers can and should always have preventative measures in place to protect customers’ information, there will always be an inherent risk that your data will be breached. When that happens, it can be devastating to any business, but particularly smaller businesses that operate with lower margins.
Therefore, it’s important to build trust with your customers. This way you can protect your brand — and bottom line — if something does go wrong.
Anything you do over the internet comes with a certain level of risk — shoppers know this. As a retailer, you want to establish forgivability, meaning shoppers believe that your priority is safeguarding their information through preventative measures, and that in the event of a cyberattack, you’ll resolve matters quickly and transparently.
A great example is the difference between how Target responded to their data breach in 2013 versus how Equifax responded to their breach just a few years later. Target responded within weeks, swiftly taking multiple actions and notifying customers. On the other hand, Equifax didn’t even notice the breach for four months.
Ultimately, customers seemed to understand that certain cyberattacks can be difficult to entirely prevent because they’ve continued shopping at Target. Equifax hasn’t been as fortunate and may still be dealing with the damage to the company’s brand for several more years.
To protect against a cyberattack and encourage forgivability with customers, here are three important actions to follow.
Cybersecurity impacts both your company’s reputation and your financial well-being. So ensure every employee understands exactly how important it is to protect customers’ data, as well as the steps needed to enable strong enterprise security. Because a good security program isn’t simply technology, it’s also the humans behind it that must remain constantly vigilant and ready for the next threat.
One way to get your employees engaged is by implementing a solid cybersecurity training program. This gives your employees the knowledge and confidence to do their part in defending your company against attacks — since they’re typically the frontline defense against a number of common tactics, such as phishing and social engineering.
Strong enterprise security necessitates multiple layers to confirm that your customer’s information is safe across all channels — including mobile devices. To do this, you’ll need to invest in more than simply meeting the basic standards.
And in the event your retail business does become a target of a cyberattack, be transparent with your customers about how it happened and the measures you’re putting in place to mitigate any future risk.
Regularly communicating with your customers and educating them about cybersecurity risks is key to forgivability. For example, ways you can help your customers include:
Emphasizing the importance of using multi-factor authentication when possible
Sending regular reminders to your customers that let them know that you care about their privacy
At the end of the day, education breeds knowledge and understanding, and therefore forgivability.
For every brand, forgivability will look different. However, at its core, forgivability is a mix of communication, transparency, and tough love to establish trust. And it’s something that retailers can earn by making security a top priority for all employees, working to continuously improve security measures, and educating customers about what they can do to keep their information safe. Although cyberattacks will continue to happen, it is often the response to an incident that people will remember long-term.
Dan Holden is the VP, Cyber Security at BigCommerce and has more than 25 years’ experience across the cyber security and IT industries as a technology innovator and recognized cyber security expert. His broad areas of expertise include enterprise security, risk management, business development, cloud infrastructure, and new technology development. Throughout his career, Mr. Holden has held leadership positions at companies including the Home Depot, the Retail & Hospitality ISAC, Arbor Networks, and TippingPoint. Over the last decade he has been a frequent speaker at major industry conferences including RSA, Defcon, and RVAsec. He has also been featured in many top publications, radio, and television around the world including Forbes, BBC, and Bloomberg. He is a Mentor with Austin-based cyber security group Manifest.