The top cybersecurity challenges for brick-and-mortar stores

What comes into your mind when you hear about cyberattacks targeting retailers? Do you imagine a hacker infiltrating a store’s website and taking it offline? This might be true for some retailers, but it’s also important to know that even brick-and-mortar shops or streetside businesses that offer products and services to its customers face-to-face are also vulnerable to these attacks. This is why it’s important to keep your store protected 24/7/365 from cyberattacks.

Let’s take a look at some of the challenges your retail business can face:

#1. Point-of-sale (POS) attacks

POS systems collect data for hundreds of transactions every day, including customer names, phone numbers, addresses, and the like, making them attractive to cybercriminals. Cybercriminals can sell this information on the dark web for a lucrative price. They can also use the data for personal and financial gain.

Outdated systems

Many companies fail to update their POS systems’ operating systems (OS). Once an OS is outdated, it no longer gets security patches from its manufacturer, making it vulnerable to cyberattacks.

So once your POS system’s OS has reached its end of life, consider upgrading to a more modern OS that can handle the work more efficiently. This way, you are reducing the risk of cyberthreats attacking your organization.


Retail stores also have to be wary of malicious software or malware. There are malware variants that can collect credit card numbers through internal unencrypted networks.

RAM-scraping malware can also collect credit card numbers when logged into a computer’s memory. The collected data is stored in a file so cybercriminals can extract the data later for personal gain.

In the cyberattack against retailer Target, hackers used a virus that was undetectable by antivirus scanners, allowing them to steal the credit and debit card information of up to 40 million shoppers who visited Target stores during the 2013 holiday season. The data breach was so massive that it forced the retail giant to pay $18.5 million to settle claims.

In 2017, apparel retailer Forever 21 suffered a POS malware attack that lasted for seven months. This compromised shoppers’ payment card data, among other information. Investigations found signs of unauthorized network access and the installation of malware designed to search for payment card data.

Stores should also be careful of ransomware. Typical POS malware persists in the target’s network for months while it extracts credit card data. Ransomware, on the other hand, needs only minutes to shut off POS systems, bringing business and revenue to a halt. Once your systems are locked up, not only will you lose money from recovery expenses, but you will also lose the trust of your current customers and prevent new clients from coming in.

To protect your system from malware, keep your antivirus and anti-malware software up to date. Install all security patches for your POS once they’re available so malicious programs cannot exploit weaknesses in your systems.

#2. Social engineering attacks

Social engineering involves tricking your business into divulging confidential information that cybercriminals can use for fraud. A cybercriminal typically pretends to be an authorized person, such as an accounting or IT representative, to trick employees to hand over sensitive information.

To mitigate the risk of social engineering attacks, teach your employees to carefully check all the emails they receive and spot the signs of a phishing campaign, such as confidential information requests, unsolicited attachments, account verification requests, and the like. Disallow them from plugging in external media as well to limit the chances of installing malicious software.

#3. Increasing Integration with the Internet of Things (IoT)

IoT has immense potential in the retail industry, especially with brick-and-mortar stores. Devices like refrigerators, TVs, and other home appliances can now connect to the web, and companies are trying to integrate in-store cameras and sensors with shoppers’ smartphones.

However, when multiple devices are connected to an organization’s network, the company becomes vulnerable to attacks. For instance, if cybercriminals are able to connect to your network, they can easily look for vulnerabilities in your system, and use them to exfiltrate confidential data.

To mitigate the risk of IoT-based attacks, you can create a new network for such devices. Because your main office network is separated, mission-critical files will stay safe from cybercriminals. Make sure to also change your network passwords often so previous users cannot reconnect and use their access privileges to launch cyberattacks on your business.

Brick-and-mortar stores like yours deserve better cybersecurity. When you partner with ERGOS, you won’t have to worry about security issues again. Through our INFINIT Shield service, we implement proprietary and intelligent technology that improves threat management efficacy and minimizes the risk of threats for your business. Interested? Get your FREE security assessment today.

Get a FREE Security Assessment

Find out how your defenses fare against cyberthreats and identify vulnerabilities in your IT environment.

Get Free Assessment