Cybersecurity called imperative for independents

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://supermarketnews.com/technology/cybersecurity-called-imperative-independents

The threat of data breaches is frightening to any company, but smaller
organizations such as independent grocers face special challenges,
according to an educational session on cybersecurity Tuesday at The NGA
Show in Las Vegas.

About 90% of data breaches impact small merchants, and 70% of small
business owners go out of business six months after a breach, according to
Paul Kleinschnitz, SVP and general manager, cyber security solutions, First
Data.

“The large guys aren’t going out of business,” he said. “We need to provide
solutions from both business and cyber-protection standpoints.”

Kleinschnitz said that a surge in malware growth means thieves no longer
need physical presences to cause great harm. Criminals monetize unencrypted
credit- and debit-card data, and targets can go well beyond payments.
Solutions such as PCI aren’t total answers by themselves. Multi-layered
security approaches are needed, he said.

“Awareness and acknowledgement of the problem is a big challenge,” he
emphasized.

Paul Doty, director of information technology, Sendik’s Food Markets,
Milwaukee, advised companies to create cyber-disaster plans. “Keep track of
everything that occurs,” he said. “Keep all logs, policies and procedures.”

He said security measures can be daunting for companies trying to stay on
top of all developments.

“You probably don’t want to take this all on yourself,” he said. “Reach out
to a security professional.”

Ray Sprinkle, president and CEO, URM Stores, a wholesaler operating in the
Pacific Northwest, noted that his company was hit by a breach in 2013 and
has since worked hard to bolster its security. He pointed to the benefits
of point-to-point encryption because it makes data less valuable to
thieves. He also urged companies to look beyond just credit and debit cards
to evaluate all data in terms of what is most important to protect and
encrypt.

Even after enhancing security, a company needs to be honest with customers
in discussing vulnerabilities, Sprinkle said.

“Customers need to understand you can’t guarantee security,” he said. “You
have to be careful in how you frame the discussion.”

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!