5 Cybersecurity Questions Answered

Understaffed and overworked this holiday season? Those of us in the grocery and retail industries know it, and so does someone else: cybercriminals. They know small businesses are at their weakest right now, during the busiest time of a year of record labor shortages, and they're ready to bring your store down.

“Ransomware cybercriminals attack during the holidays because they know retailers are too busy to notice,” Ken Andrews, CEO of Millennium Digital Technologies, says. “Many of them target small businesses because they have older technology, are less likely to have security teams who can help prevent or stop an attack, and might not even notice the attack until the damage is done." 

These holiday attacks make the damage exponentially more expensive. The average data breach in the U.S. costs $9.44 million — twice as much as the global average — according to IBM. And a 2022 Cybereason report, which surveyed more than 1,200 cybersecurity professionals at medium to large businesses, says that an attack on a retailer during the weekend or holidays:

• Takes more time to respond to
• Takes longer to assess the scope of the attack
• Costs the business more money

97% of those surveyed said they had missed a holiday or weekend event because of a ransomware attack," the report says.

"Some independent retailers think a ransomware attack can't happen to them. They think they're too small. But that is simply not true," says IGA CEO John Ross. "If you do not have a protection program in place this holiday season, you are playing with fire."

Nearly 11% of Independent Grocers Alliance stores are using one of the five levels of the cybersecurity program available through our partner, Millennium Digital Technologies, and each of those stores has a 100% success rate for protecting machines. 

"We are proving a negative here," says Andrews. "In other words, it works so well that nothing happened —there are no breached computers on the protected network."

But 11% of IGA members is not nearly enough, says Ross. "Each and every one of our retailers should be on this program at some level or another." 

From the new software solution that offers a quick fix for busy retailers to the full-service comprehensive program, IGA's cybersecurity program has an option for every store at every price point. In fact, there is even a free version that offers training modules, a security assessment, and best practices to get retailers started.

We spoke to Andrews about the cybersecurity program and common questions retailers have about protecting themselves against attacks.

What does success look like for a retailer using the cybersecurity program?

Andrews: Success is no breached computers on the protected network. So we have a 100% success rate. But that is not the most visible or even most appreciated benefit that business owners recognize.

They see the most direct benefit as the very high quality of technical support, compliance assistance, and related tools. From our perspective, the biggest benefit is that we’re protecting their systems and the Independent Grocers Alliance retailers' brands by keeping the bad guys out.

We’re also a second set of eyes on the things that they or their other vendors are doing on the network to ensure they aren’t opening up holes that could later impact the merchant. We deny a lot of requests both from merchant staff and their vendors that would open huge holes that could have been used to infiltrate the network.

Which IGA Cybersecurity Program level is best for our independent retailers?

Andrews: Our main interest is in protecting the merchant, so it depends on the store. What protection is in place now? What kind of networks are we talking about? Most technology is vulnerable to an attack, from the POS software to an employee using the store's Wi-Fi on their phone.

What if a retailer needs protection but doesn't want to install hardware?

Andrews: We now offer EDRGuard software  — a low cost solution — that is a quick fix to provide safety. Not only will it catch threats that some other solutions miss, it also includes periodic scans of your internet connection looking for known vulnerabilities and configuration errors. And in the unlikely event that a cyber incident were to occur, the included Advantage $100K breach indemnity program provides no sub-limit coverage for the cyber event.

Doesn't PCI compliance protect against attacks?

Andrews: Complying to PCI (Payment Card Industry) standards and installing anti-virus software on store computers is not enough. PCI is there to protect VISA, Mastercard, and the acquiring bank, not the merchant data.

That means email or apps accessed through the store's wireless internet are constantly putting your network at risk of infection and exposing your data. This doesn't just apply to the store's computers. It affects employee and shopper cell phones using the wireless.

How can a retailer learn more about the program or get started?

Andrews: Contact us to set up a consultation (fill out the form below). It should take less than 30 minutes and will allow us to learn about your current setup and go over some high level topics to keep it easy to understand for a non-technical person. Usually we talk to store owners or general managers, and in some cases IT if the store has an IT person.