Help Isom IGA recover from devasting floods
Help Isom IGA recover from devasting floods
Understaffed and overworked this holiday season? Those of us in the grocery and retail industries know it, and so does someone else: cybercriminals. They know small businesses are at their weakest right now, during the busiest time of a year of record labor shortages, and they're ready to bring your store down.
“Ransomware cybercriminals attack during the holidays because they know retailers are too busy to notice,” Ken Andrews, CEO of Millennium Digital Technologies, says. “Many of them target small businesses because they have older technology, are less likely to have security teams who can help prevent or stop an attack, and might not even notice the attack until the damage is done."
These holiday attacks make the damage exponentially more expensive. The average data breach in the U.S. costs $9.44 million — twice as much as the global average — according to IBM. And a 2022 Cybereason report, which surveyed more than 1,200 cybersecurity professionals at medium to large businesses, says that an attack on a retailer during the weekend or holidays:
97% of those surveyed said they had missed a holiday or weekend event because of a ransomware attack," the report says.
"Some independent retailers think a ransomware attack can't happen to them. They think they're too small. But that is simply not true," says IGA CEO John Ross. "If you do not have a protection program in place this holiday season, you are playing with fire."
Nearly 11% of Independent Grocers Alliance stores are using one of the five levels of the cybersecurity program available through our partner, Millennium Digital Technologies, and each of those stores has a 100% success rate for protecting machines.
"We are proving a negative here," says Andrews. "In other words, it works so well that nothing happened —there are no breached computers on the protected network."
But 11% of IGA members is not nearly enough, says Ross. "Each and every one of our retailers should be on this program at some level or another."
From the new software solution that offers a quick fix for busy retailers to the full-service comprehensive program, IGA's cybersecurity program has an option for every store at every price point. In fact, there is even a free version that offers training modules, a security assessment, and best practices to get retailers started.
We spoke to Andrews about the cybersecurity program and common questions retailers have about protecting themselves against attacks.
Andrews: Success is no breached computers on the protected network. So we have a 100% success rate. But that is not the most visible or even most appreciated benefit that business owners recognize.
They see the most direct benefit as the very high quality of technical support, compliance assistance, and related tools. From our perspective, the biggest benefit is that we’re protecting their systems and the Independent Grocers Alliance retailers' brands by keeping the bad guys out.
We’re also a second set of eyes on the things that they or their other vendors are doing on the network to ensure they aren’t opening up holes that could later impact the merchant. We deny a lot of requests both from merchant staff and their vendors that would open huge holes that could have been used to infiltrate the network.
Andrews: Our main interest is in protecting the merchant, so it depends on the store. What protection is in place now? What kind of networks are we talking about? Most technology is vulnerable to an attack, from the POS software to an employee using the store's Wi-Fi on their phone.
Andrews: We now offer EDRGuard software — a low cost solution — that is a quick fix to provide safety. Not only will it catch threats that some other solutions miss, it also includes periodic scans of your internet connection looking for known vulnerabilities and configuration errors. And in the unlikely event that a cyber incident were to occur, the included Advantage $100K breach indemnity program provides no sub-limit coverage for the cyber event.
Andrews: Complying to PCI (Payment Card Industry) standards and installing anti-virus software on store computers is not enough. PCI is there to protect VISA, Mastercard, and the acquiring bank, not the merchant data.
That means email or apps accessed through the store's wireless internet are constantly putting your network at risk of infection and exposing your data. This doesn't just apply to the store's computers. It affects employee and shopper cell phones using the wireless.
Andrews: Contact us to set up a consultation (fill out the form below). It should take less than 30 minutes and will allow us to learn about your current setup and go over some high level topics to keep it easy to understand for a non-technical person. Usually we talk to store owners or general managers, and in some cases IT if the store has an IT person.
These Stories on Cybersecurity
8745 West Higgins Rd. Ste 210
Chicago, IL 60631
Phone: (773) 693-4520
Fax: (773) 693-4533
No Comments Yet
Let us know what you think