The headlines about data breaches and cybersecurity always focus on the big retail chains, but small independent merchants are just as vulnerable, if not more so.
At a panel session Feb. 10 at the National Grocers Association's annual convention, retailers and security professionals said independent grocers face special challenges when it comes to data breaches, Supermarket News reported. The session was moderated by Ken Grogan, manager of treasury services, Wakefern Food Corp.
The numbers are sobering. Roughly 90 percent of data breaches affect small merchants and 70 percent of small businesses go out of business six months after a breach, Paul Kleinschnitz, SVP and general manager, cyber security solutions, First Data, reported.
Nearly a third of cyberattacks occur at companies with less than 250 employees, an infographic from insurer New Agency Partners confirmed. Eighty-five percent of data breaches occur at small businesses, 40 percent do not have a contingency plan, and 60 percent will shut down after a cyber attack, the company reported.
"The large guys aren't going out of business," Kleinschnitz said. "We need to provide solutions from both business and cyber-protection standpoints."
Because of a surge in malware growth, thieves no longer need to be physically present to inflict damage. Crooks can monetize unencrypted credit- and debit-card data, and their targets can go beyond payments. Multi-layered security approaches are needed as solutions like the Payment Card Industry Data Security Standard don't provide a comprehensive answer, he said.
"Awareness and acknowledgement of the problem is a big challenge," he said.
URM Stores, a wholesaler in the Pacific Northwest, was hit by a breach in 2013 and has since bolstered its security, said Ray Sprinkle, president and CEO. Point-to-point encryption is beneficial because it makes data less valuable to thieves. Companies should also look beyond credit and debit cards to evaluate all data for what is most important to protect and encrypt, he said.
Even after enhancing security, a company needs to be honest with customers in discussing vulnerabilities, Sprinkle said. "Customers need to understand you can't guarantee security. You have to be careful in how you frame the discussion," he said.
An independent grocer on the panel advised others to create cyber-disaster plans. "Keep track of everything that occurs. Keep all logs, policies and procedures," said Paul Doty, director of information technology, Sendik's Food Markets. For companies trying to stay on top of developments, security measures can be daunting, he said.
"You probably don't want to take this all on yourself," he said. "Reach out to a security professional."
Businesses at the highest risk of data breaches are healthcare practices, law offices, accounting offices, retailers, restaurants and financial services, according to New Agency Partners.
-See this Supermarket News article
-See this New Agency Partners infographic (pdf)
Consumers say card breaches common
Target found negligent in data breach
Asset management critical to IT security
Kmart confirms data breach
Home Depot confirms 53 million email addresses stolen, blames Windows