How Retailers Are Maintaining Security Amidst IoT Innovation

By Mark Stone, Contributor

In an effort to combat online retail giants, businesses from mom-and-pop shops to major department stores are turning to IoT technology to enhance the in-store experience. And with 70 percent of online shoppers abandoning their shopping carts, there is plenty of incentive to innovate around the brick-and-mortar experience.

Michelle Bacharach, CEO of FindMine, founded her company after realizing technology could drive a smarter, more personalized retail experience. Online, FindMine software’s automated “Complete the Look” technology creates complete outfits around each product a potential customer views. In the physical world, FindMine allows retailer associates to show shoppers what other items would look good with their selected item, using a tablet device.

FindMine is just one example of retailers looking to harness emerging technologies like IoT, which is expanding with everything from magic mirrors to smart fitting rooms that help customers with various sartorial needs.

With the right mindset, retail businesses can turn these technological advancements into a victory of sorts over e-commerce. “Focus on user experience and making it better,” Bacharach recommended. “If you can make it more frictionless than e-commerce, that’s huge.”

While these smart systems are poised to dominate the retail space by 2021, retail owners are wise to also take necessary security precautions, asking questions like, how vulnerable are these IoT devices?

IoT Security Strategies

Despite its advantages, ensuring the security and privacy of new IoT devices may prevent retailers from innovating in the first place. But experts say it doesn’t have to be this way.

Angel Grant, director of Identity, Fraud & Risk Intelligence for RSA, argued that for anything involving security, basics rule. The security industry is founded on the CIA triad of confidentiality, integrity, and availability.

“Any security strategy — whether IoT, cloud, or mobile — needs to start with that basic fundamental strategy to control what sensitive information can be available to whom, what information it is, and that it’s accessible when needed,” Grant said.

“If you can make it more frictionless than e-commerce, that’s huge.”

– Michelle Bacharach, CEO of FindMine

Keeping with these underlying principles, she also recommended understanding the complete IoT supply chain. “Each new IoT endpoint introduces a new vulnerability, and you need to know the implications around that and what that means for your organization,” she added.

“You should have a test-to-fail strategy, or penetration test, where someone tests that device in order to determine the consequences of what any kind of failure or vulnerability would be to your business.”

Moving into more specific strategies, Grant advised retailers to ensure they’re following best practices around network segmentation, which involves splitting the network into individual segments (subnetworks). “You want your IoT devices segmented from other IT devices or resources that contain sensitive information,” she went on, “and to be able to quarantine that information.”

She explained that segmentation can also protect a network’s valuable data and resources from third-party vendors, who may require access to a specific IoT device, but shouldn’t be able to access anything else.

Grant also recommended those jumping into IoT ensure they have a patch management strategy in place. This means that the firmware (hardcoded software) is always up to date and not vulnerable. Last but not least, Grant added, “and definitely change the default password on your IoT devices.”

Not to Be Feared or Handled Alone

While these security strategies may sound simple, retailers often lack the security resources to look at things holistically and keep pace with the fast-moving technology affecting their industry.

Yet Grant emphasized how important it was for retailers to understand that security shouldn’t be considered an added expense. Retailers using IoT must instead be aware of the financial consequences of not securing their infrastructure. “Security shouldn’t be considered an expense; the losses can be crippling,” she stated.

By leveraging third-party vendors to help put together a security plan, retailers can offload potentially overwhelming responsibilities.“You can do it in stages,” Grant said. “As you develop your IoT strategy, experts can do what’s required to suit your budget.”

In the end, the message was clear: While vulnerability comes with the territory of IoT expansion, retailers shouldn’t be afraid of new technology that can be used to enrich the consumer experience, driving new traffic and revenue.

As Bacharach put it, “For the consumer, it’s a beautiful user experience and can be a huge value add.”