White NRA Horizontal logo

connectingRetail-white

The Digital Business Kit for Retailers


Learning Outcomes

Retailers will gain an understanding of the different online Security and privacy risks and opportunities to address these. [printfriendly]

mod-arrow Hardware Security

There are two main hardware security elements:

software1. Removable/portable devices: This can include USB or memory sticks, disks (CD/DVD), memory chips or cards, smartphones, etc. Any of these removable devices can carry a virus into another system. Proper policy needs to be followed to ensure all removable devices are uninfected. Appropriate practices include (but are not limited to) anti-virus programs that will scan devices, computer/system settings that don’t allow an auto-run from removable hardware and other precautions.

2. Servers/hard drives: Where your company data is permanently stored. This can include your hard drive, local servers and/or your company intranet or storage servers which are provided by third parties such as Amazon, Google or smaller independent providers.

TIP:

As always, company policy and security software are the best solutions. Company policy will reduce chances of hardware infection. Security software that owners install (with the appropriate functions and permissions) will scan any hardware inserted into any company device for malware before allowing the device to access files on the hardware. Peruse our “Industry Best Practice articles” in our resource section to develop a company policy on security software and implementation for you and your staff.

Also be aware of BYOD (bring your own devices) policy. It is increasingly popular for workers to use their own devices at work. This has many benefits but also has risks, such as their devices infecting the business or business system infecting their device. Here is a link to the definition of BYOD and more resources.

Considerations

Local servers and intranet: If your retail business has a shared network that is contained in one building (LAN) or across several locations (WAN), your company should have an IT department or person responsible for maintenance and security of this network. The IT person/department will also write, own and manage policy for the server and intranet permission. See examples in the resource section on securing intranet/servers for best practices.

Third party servers and services including Cloud storage: Depending on your retail business activities and regional laws, it is important to understand where and how your data is stored by a 3rd party provider. Areas that need to be addressed include:

  • Website hosting
  • Shopping cart host
  • Location of data servers (for example, the seller of storage services may be Australian, but their servers may be in another country)
  • Security policy of the 3rd party providers (see more in the 3rd party protection pages of this website)

Protection from hardware security breach: Similar to individual computers/stations, anti-virus and security programs should be used to protect all hardware systems. Develop specific policy and adherence to best practices that are specific to hardware, such as not allowing auto-run or having security programs that include intranet firewalls.

Intranet Firewalls: Are commonly used in intranets and are defined as, “A system designed to prevent unauthorised access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorised Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.”  (Source:  Webopedia)