Hardware Retailing recently talked to Daniel Eliot, director of education and strategic initiatives for the National Cyber Security Alliance, to learn the truth about how cybersecurity impacts small business. Eliot also gave advice on how independent home improvement operators can protect their businesses against a data breach. Read his tips here and implement them today to secure your operation.
Appoint a risk mitigation officer
IT is not cybersecurity, Eliot says. You need a point person, other than the one who sets up your printers and diagnoses network connection issues, to manage cybersecurity and data breach issues.
“The person you designate for this role should be someone who can help your IT staff scale and implement the technical and operational needs to prepare for a data breach,” Eliot says. “This person is responsible for addressing risks and training employees on what to look for. Just like we do fire drills, we need to practice our cybersecurity response strategy.”
This role doesn’t need to be filled internally. If you use an external service provider for IT management, talk to their team to find out what their capabilities are and make sure they have a plan in place.
Develop a device usage policy
Customers have immediate access to information, and you may often come across people price-shopping in your aisles. Offering free Wi-Fi and empowering your own employees to use their personal devices on the salesfloor to look up how-to videos or research products with customers is a necessary component of customer service in today’s landscape. So how can you be sure those devices aren’t being used nefariously while connected to your network?
“As organizations grow and hire more people, leadership needs to understand the risks associated with that, and they need to be able to scale their information security,” Eliot says. “Establishing a device usage policy can help mitigate the risk of a data breach.”
Create a guest Wi-Fi network for your customers and employees to use in the store. Make sure your POS system and other computers are connected to a separate network to limit the connections between systems on a single network. Talk to your IT company, internet service provider and risk mitigation officer to determine the best setup for your operation.
Establish an approachable culture
If you’re entrusting your employees to be aware of warning signs or suspicious activity, you need to let them know that they can come to you with their concerns. People make mistakes, Eliot says, and they shouldn’t feel as though they will be punished for bringing concerns about their mistakes to leadership.
“Someone may come to you and say, ‘I think I received a malicious email. I clicked this link, and we need to look into it,’” Eliot says. “It’s important that your staff feel comfortable approaching the appropriate people and not feel as though they’re going to get in trouble for reporting their actions.”