R-CISC Advisory: 2015 Holiday Guidance

The holiday season is almost here. Large and small retailers are getting ready; they’re building up inventory, hiring part time employees, and preparing for Black Friday. Customers are finishing their shopping lists and scouring the Internet for discounts.

 

Another group – one that operates in the shadows – is also getting ready; innovative, highly experienced, and highly trained hackers.

This is the busy season for criminal enterprises that steal and sell data from retailers and their customers. It’s a big problem and a big business. With more finances and transactions happening electronically, consumers are becoming even more susceptible to these threats. According to The National Retail Federation, U.S. shoppers spent upwards of $50 billion in-stores and online last year over Thanksgiving weekend. By contrast, McAfee estimates the global cost of cybercrime to be between $400 and $575 billion*, annually.

To ensure that black Friday isn’t “hack” Friday, consumers and retailers alike should take steps to increase vigilance and safeguard personal information. So, what can consumers do to protect their data?

For one, they should understand the types of information hackers target so they can limit vulnerability. To protect this data, consumers should:

  • Be vigilant – and consistently monitor bank and credit card statements and other personal information;
  • Use complex passwords and change them periodically – passwords should not contain personally identifiable information like your birthdate, social security number, or insurance information;
  • Understand and learn how to use the security and privacy settings on social networks that can protect you and your family’s personal information;
  • If you have children, monitor their online activity to keep them from oversharing or becoming easy targets;
  • And be cognizant upon receiving unfamiliar emails – the vast majority of successful hacks occur when individuals unknowingly click on tainted links.

Retailers are also taking additional steps to protect consumer data. This year, major retailers including Walgreens, JCPenny, Gap, TJX and Lowe’s joined the Retail Cyber Intelligence Sharing Center (R-CISC), a growing network established in 2014 to enable information sharing among the retail industry.

The R-CISC is committed to helping retailers work together to protect and enhance consumer privacy. The R-CISC allows retailers that are identifying hacking attempts against their network to quickly and effectively share information about the threat not just with law enforcement, but with other participating retailers who might likely become the “next target.” By sharing threat information securely and in real time we can help our members stay ahead of criminals.

*Net Losses: Estimating the Global Cost of Cybercrime. Rep. Center for Strategic and International Studies, June 2014. Web.