Retail Checks & Balances

Ransomware

Kevin Spencer Episode 43

In episode 43 of Retail Checks and Balances, Kevin Spencer delves into the critical and alarming issue of ransomware in the retail sector. He discusses the widespread impact of cybercrime on businesses of all sizes, from major brands to local shops, emphasizing that ransomware is not just a concern for Fortune 500 companies. 

Tune in to learn more about safeguarding your retail operations in an increasingly digital landscape.

TIMESTAMPS

00:00:00 - Introduction to Retail Checks and Balances

00:01:50 - What is Ransomware?

00:02:34 - Why Retailers Are Prime Targets

00:03:54 - How Ransomware Attacks Happen

00:04:39 - Protecting Your Business

00:05:57 - Importance of Cybersecurity for Small Retailers

00:06:51 - The Evolving Nature of Ransomware

00:07:14 - Personal Cybersecurity Measures

00:07:47 - Final Thoughts and Recommendations

QUOTES

  • “You have to do some employee training to protect your business, make cybersecurity awareness part of onboarding and ongoing training for everybody in the organization.”
  • "Retailers often think they're too small to be a target, but that's exactly what makes them vulnerable."

SOCIAL MEDIA LINKS

Kevin Spencer

Instagram: https://www.instagram.com/kspencer007/

LinkedIn: https://www.linkedin.com/in/kevinspencer007/

WEBSITE

Rod Plus Solutions: https://rodplussolutions.com/



Welcome to Retail Checks and Balances, a podcast that takes you behind the scenes of the bustling world of commerce and culinary delights to help you grow your business and win. Join us as we explore the fascinating stories, trends, and challenges that shape the retail and hospitality industry, from cozy corner cafes to sprawling shopping malls and everything in between. And now, here's your host, Kevin Spencer.

This is RCB. Retail Checks and Balances, back once again to talk about something that's critical and scary at the same time: ransomware in retail. I mean, we've heard this all over the world, and when we break down cyber security and fraud trends impacting the retail world itself, we've got to understand what this costly threat is about. You've probably heard headlines like major brands brought to a standstill, customer data leaked, millions paid in ransom demands. But ransomware isn't just a problem for Fortune 500 companies, it's hitting businesses of all sizes, from regional chains to mom and pop shops. So what exactly is ransomware? You know, how are cyber criminals targeting retailers? And more importantly, how can you protect your business? Let's unpack that.

Ransomware is a type of malicious software that encrypts victims' files or systems. The attackers then demand payment, often it's in cryptocurrency, to unlock that particular data. And in retailing, consequences can be brutal. POS systems shut down, supply chains disrupted, and customer trust eroded overnight. And even if you pay the ransom, there's no guarantee you'll get your data back or that the attackers won't strike again, right? You know, one of the most infamous cases I've heard about was back in 2021 on a fashion retailer. Hackers accessed personal data of over 1,300 employees. And that's just one example of dozens.

So why are retailers a prime target? First, there's a sheer volume of sensitive data: credit card numbers, personal details, loyalty programming. It's a goldmine for hackers. Secondly, you know, retailers are under severe pressure. Downtime means lost sales by the minute. That urgency makes companies more likely to pay up just to get back online. And finally, retailers often have gaps in security. Legacy systems, third-party vendors, seasonal staff can all create vulnerabilities. Here's an alarming report according to IBM. In 2023, the average cost of a ransomware attack on a retail business was over $2 million when you factor in downtime, legal fees, and recovery.

How these attacks happen is the big thing. You get phishing emails: a fake invoice or shipping notice tricks an employee into clicking a malicious link. Unpatched systems: outdated software and operating systems that haven't been updated provide an easy way in. Third-party vendors: a weak link in your supply chain can become an open door for attackers. In many cases, attackers lurk in the system for weeks or months before striking, quietly mapping out the network and stealing data.

What can you do? I mean, you have to do some employee training to protect your business, make cybersecurity awareness part of onboarding and ongoing training for everybody in the organization. Regular backups: store encrypted backups offline and test them often, and not have any access to that backup from anywhere on your network. Patch systems: update software and firmware regularly to close vulnerabilities. Whatever ransomware or virus protection software should be always up to date. You should go with reliable companies that are experts in this regard. Limit access. Not every employee needs access to every system. Use rule-based access controls. And finally, have a response, incident response plan. Have a game plan before you're on that. Time is critical. And consider any sort of cyber insurance that's available, if it is available in your particular countries.

And the thing is, if these particular items are implemented, you know, you should be pretty safe. I'm not saying that everything is going to be all right, because there is going to be some sort of vulnerabilities, but if you mitigate those risks as much as possible, you should be okay as a retailer. And you know, the thing is, retailers often think they're too small to be a target, but that's exactly what makes them vulnerable. Cybercriminals automate their attacks. If your defense is weak, you're low-hanging fruit for sure. I know a lot of companies have very outdated systems, operating systems that are not even supported anymore. But they're suffering, so they think they're okay. And it's just far from the truth.

Ransomware isn't going away. In fact, it's evolving fast. With the right preparation, education and tools, retailers can reduce their risk and stay resilient. And I hope, you know, you take this as serious as I always tell people, it's not a joke. It's you, everyone is a target. Even you yourself as a personal, your personal PC, you need to make sure that, you know, most of your things are not vulnerable to attacks. You know, you try to get free software because it's free and it says free and it's going to protect you because, you know, they say they get paid. But some of these free softwares are basically not what you want to be investing in. Well, that's it for now. And I hope you take this as seriously as I do and protect your system, protect yourself, protect your organizations. Make sure you listen to the experts out there on ransomware and cybersecurity. And hopefully we all win the day going forward.

Kevin Spencer

Thank you very much. Thanks so much for tuning into this episode. We sure do appreciate it. If you haven't done so already, make sure you're subscribed to the show wherever you consume podcasts. So we'll get updates as new episodes become available. And if you feel so inclined, please leave us a review. Until next time, friends.