Protect Your Operation Against Cyberattacks

Luke Vander Linden is vice president of marketing and membership for the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC), a cybersecurity sharing and collaboration community for the consumer-facing business sector.

At the 2023 NHPA Independents Conference, Vander Linden shared how retailers can protect themselves against cyberthreats, including starting with a plan and encouraging a culture that pays attention to cybersecurity.

“It’s so important to have a plan in place,” he says. “Treat your plan as you would any other protocol, like safety or loss prevention, and make it an extension of your overall safety plan. Refer to your cybersecurity plan often, practice with staff and create a culture of cyberawarenness.”

Along with setting up the processes and security measures in your operation, Vander Linden says you need to look at your third-party vendors you work with.

“You can do everything under the sun to protect yourself, but if your vendors aren’t protected you’ll be liable and at risk,” he says.

5 Ways to Protect Your Operation

• Provide security awareness training to employees. “Teach employees to be skeptical of emails, texts and other requests for information.”
• Require multifactor authentication. “Many businesses are moving to using multifactor authentication, so employees should already be accustomed to having to type in additional codes when logging in.”
• Conduct regular software updates. “Many software updates come through so that the software can be more secure. Don’t ignore these updates to keep yourself protected.”
• Utilize data encryption and backups. “If you do go through a cyberattack, your backups will be crucial to getting back up quickly.”
• Frequently change passwords. “Change your passwords frequently, make them long and difficult to guess and consider using a password manager.”

North American Hardware and Paint Association (NHPA): Tell us about your career journey so far.
Luke Vander Linden (LVL): I did not initially come from the cybersecurity world but from the association world, and so I understand how important associations are to encourage collaboration and serve the professionals in that industry. I’ve also worked in nonprofit fundraising, which uses a lot of the same skill sets as working for an association, just for a different purpose. Before that, I worked in public broadcasting television. It hasn’t been a linear path, but it has been a fun ride so far. And it also proves that nontechnical people can have careers in cybersecurity or at least have a good awareness of it.

NHPA: How is RH-ISAC helping retailers combat cybersecurity issues?
LVL: The RH-ISAC is a nonprofit membership organization founded in 2014, so it’s still fairly young. It was formed as the result of several large cybersecurity breaches in the retail sector about a decade ago. Those breaches made the need for collaboration within the retail industry apparent and showed the industry it needed a secure environment for cybersecurity professionals to collaborate, share threat intelligence and develop best practices and strategies. We started with 30 members and have grown to 230 members since then, representing about 3,000 cybersecurity professionals at those member companies. What our mission really boils down to is providing a space for collaboration, which results in the entire sector being more prepared and better protected from cybercriminals.

NHPA: What impact did the pandemic have on cybersecurity?
LVL: Now, more than any time in our history, the cybersecurity industry has gone through a period of rapid transformation, especially because of the pandemic. During that time, most retailers essentially became full-time e-commerce companies. Many had never dabbled in online selling or connected with customers online and now they are dealing with online transactions, storing data and other digital challenges.

So the pandemic really expanded what we call the attack surface, and it added a tremendous amount of risk and need for collaboration.

NHPA: What are some of the other cybersecurity trends and current issues retailers need to be aware of?
LVL: I think people have a preconceived notion of cyberattacks coming from highly sophisticated threat actors. While cyberattacks and hackers are becoming increasingly sophisticated, many are relying on basic techniques, which means there are basic steps retailers can take to protect themselves. These include not using the same password everywhere and making sure all of your systems are updated.

Strengthening your defenses with fundamental best practices can go a long way.

NHPA: Can you give us a sneak peek of what your talk at the 2023 NHPA Independents Conference will cover?
LVL: I’ll discuss some of the trends we’re seeing in both smaller and larger organizations. And we’ll talk about those basic ways retailers can protect themselves. I’ll also go on a deep dive into some of the cybersecurity topics and areas retailers should pay attention to in order to protect their operations. I’m looking forward to meeting your members in Dallas!

• When it comes to cyberattacks, it’s a matter of when, not if.
• Have a plan for cyberattacks.
• Create a culture of cyberawareness.

Follow Luke on LinkedIn