ALEXANDRIA, Va. -- Cyberattacks aren’t just a worry for the U.S. government. Convenience-store retailers have a responsibility as providers of fuel, food and other staples to safeguard their electronic systems and data. That’s according to Gray Taylor, the executive director of Conexxus, Alexandria, Va., who joined Jeff Lenard, vice president of strategic industry initiatives for NACS, for a chat about cybersecurity on the Convenience Matters podcast presented by Alexandria, Va.-based NACS.
Here are four tips from their discussion for retailers big and small looking to protect themselves and their employees from cybersecurity threats …
Purchase and regularly update virus protection software
“No. 1, definitely invest in firewalls,” said Taylor. “Definitely invest in anti-virus and malware detectors. That’s worth it. Keep your software patched, because that’s how zero-day exploits get closed down.”
Zero-day exploits are holes in software security found and used by hackers before the software vendor is aware they exist. Security software vendors fill these holes with software patches as soon as hackers start to take advantage of them, but patches from the vendor need to be downloaded to be effective.
Treat emails from people you don’t know carefully
Last year’s hack of the Democratic National Committee was achieved through a practice called spear phishing, and it can happen to anyone, Taylor said.
Hackers often research potential targets on social media before they hack them. They find out where their target went to college or other basic information about them, and email them posing as an old acquaintance. Spear-phishing emails include a link the hacker asks their target to click on. Clicking on this link allows the hacker past the target’s firewall and into their system.
If you receive an email from someone you don’t know asking you to click on a link, be careful. If you’re not sure if the message is malicious, check to see if the email has spelling or formatting errors. These are usually signs that the sender is attempting to gain access to your system.
Train employees on secure computer use
“For all of our elegance in protecting the castle, it gets brought down by a lot of little peashooters, and invariably what those peashooters tend to be are people,” said Taylor. Even with up-to-date security software, it’s important to make sure employees practice what Taylor calls good cybersecurity “hygiene.”
Taylor points to devices and online services that share data between computers, such as USB drives or Dropbox, as potential carriers of computer viruses or malware. He suggests making sure employees do not use Dropbox accounts not authorized by the company in the office. Also, if you can’t keep employees from using the USB drives in their work computers, he suggests gluing down USB connections on company computers so they can’t be used.
Consider keeping a backup generator
One way Taylor and Lenard define the potential threat of a cyberattack is by comparing it to a natural disaster or nuclear attack. Some foreign countries might be capable of hacking into the U.S. energy grid and disabling power across most of the country. “This is the run, duck and cover of our day,” said Taylor.
If most of the nation’s power grid was disabled, c-stores would become one of the main sources of supplies for communities across the country, effectively making them first responders in an emergency. “Convenience stores sell 80% of the gas in the country. They sell 50% of the immediate consumption bottled water and they own one-third of the ATMs,” said Lenard, who likened today’s potential for a cybersecurity crisis to Y2K at the turn of the century.
With this in mind, Taylor and the hosts urged listeners to consider buying a backup generator to keep in case of power outages resulting from a nationwide cyberattack.