The Digital Business Kit for Retailers


Learning Outcomes

Retailers will gain an understanding of the different online security and privacy risks and opportunities to address these.

Security Plan

Best practices for security planning

This website provides a list of best practices for a basic security plan. If your retail business has little to no security policy in place, please review the suggested five items to start with here. For more advanced users, the resource page has additional material, links, templates, reviews and more.

Level 1:

The following items will help your company improve security and privacy. There are free solutions and easy-to-follow resource links. If your company does nothing else, it should ensure these items are in place! If you are willing to invest a bit more time in researching appropriate and manageable security plans for your company, first check to see that you have addressed the items below, then move on to level 2.

The top 5 security and privacy must-haves
  1. Install antivirus and security software for your devices, browsers and network: These programs will scan emails, devices, websites, and programs for risks and alert users of potential danger. They can also be set to prevent action that would cause damage by blocking visits to malicious websites or preventing the opening of an infected attachment. Programs can also include firewalls for networks. Visit the resource section for a list of security software reviews, free and paid programs and more.
  2. Security and privacy policy for staff: Many security and privacy events are due to a mistake or the unknowing actions of a staff person. Make sure there is a clear policy around all online activities, data handling and online communications.
  3. Back-ups – A company backup is essential: This can be a cloud-based backup or a device backup (to a storage device like a USB or external hard drive) and must be a part of your policy and service requirements. It must be carried out diligently. If staff are not reliably carrying out manual backups, there are programs that will automate system backups. Visit the Cloud module for more on cloud-based backup services (including free services).
  4. Secure e-commerce: If your company is selling online and/or collecting credit card information, ensure the pages being used to collect this information are secured with SSL (the SSL certificate for your site is supplied by your hosting company). This means you should see https:// instead of http:// in the page address. The “s” stands for secure. A reputable third party should be considered for handling credit cards and storing any sensitive customer data.
  5. Password strength: An easy fix with great results – making your system passwords a few characters longer and using a mix of letters and numbers can extend the time it takes a hacker to access your system from 10 minutes to several years. Worried about remembering all the passwords? There are lots of programs out there that can help you with passwords – check out our resource section.

Level 2:

There are a number of valuable articles in the resource section discussing best practices for business, including third-party sites such as:

Planning for online security

Australian Commission and Media Authority (ACMA) | e-commerce Security
http://www.acma.gov.au/Industry/Internet/e-Security

Get Smart online
http://staysmartonline.gov.au/business

Interactive IT Security Training Tools for Your Employees | Sophos *
http://www.sophos.com/en-us/security-news-trends/it-security-dos-and-donts/training-tools.aspx

*The Sophos free training tool and module contains easy-to-follow, valuable guides, definitions and templates. This resource can be used from research through to implementation, and also includes how-tos and fixes.