Are your store’s devices secure this holiday season?

This holiday season, the National Retail Federation predicts U.S. retail sales will be up between 2.5% and 3.5%. 

Shoppers will be making purchases both in-store and online — presenting a growing market for retailers as well as a growing opportunity for cybercriminals to exploit the busy season and infiltrate a store’s network.

Just one unsecured endpoint could lead to a breach. And with the rapid advancement of retail technology, it’s crucial that store owners keep pace with cybercriminals to protect their people, their customers, and their operations. As retailers look to safeguard against threats ahead of busy season, they should consider the opportunities and risks of in-store devices in their cybersecurity strategy.

Handhelds

Today’s retail environment is full of handheld devices. These useful tools connect to a variety of systems and data stores, plus they allow staff to streamline and accelerate many tedious tasks that have traditionally consumed a lot of time — from accessing backend systems to coordinating store activities and providing customer support. Most retailers today have a mix of simple and complex handheld programs, and the uptick of handhelds in retail environments is creating new openings for bad actors.

Simpler implementations involve devices such as handheld scanners, which can be tightly controlled by corporate IT and easily wiped and reimaged if necessary. They’re also usually hardened and set up to protect against attacks, so their potential as a threat is low. More complex cases feature connected devices, including smartphones and tablets. These increasingly fall under bring your own device (BYOD) policies, where employees use their personal devices, and IT has little control over their use or security state. As retailers capitalize on the tremendous value that handheld devices have to offer, they must also make sure to harden the backend store apps employees are using to keep bad actors from entering their network.

Internet of Things (IoT)

From robotics in the warehouse to automated product pricing displays, retailers are finding new and innovative ways to leverage IoT devices for increased speed, accuracy, and cost savings. While these tools deliver important capabilities, few are set up for cybersecurity. Most don’t have the capacity to support software, so retailers often can’t put an agent on the devices to enable them to protect themselves against cyberattacks. With the proliferation of IoT in retail, any networked appliance, including coffee makers, refrigerators, and TV monitors, becomes a potential point of compromise.

Solving the IoT security dilemma requires vigilance and diligence. Retailers need a way to spot new devices as they come onto the network (some can be added without IT involvement). They also need tools to control each endpoint’s network access credentials and deploy measures to defend against attacks. A robust cybersecurity strategy goes beyond a traditional firewall to include implementation of a network detection and response (NDR) solution, enabling a retailer to monitor network traffic in the store for indicators of compromise. This early warning tool provides a way to get out in front of potential intrusions and other vulnerabilities so an attacker can’t turn your IoT devices against you.

Store manager computers

POS terminals, along with computers dedicated to executing in-store activities, are usually at the center of a retail cybersecurity program. What’s frequently overlooked are the store manager PCs, which exist outside of the cardholder data environment. The reality is that these computers may be among the most vulnerable endpoints on your network, and they’re ripe for exploitation by cyber criminals.

In fact, recent data shows that credentials were the most-compromised data in retail breaches at 38%, beating out payment cards, which dropped from 37% in 2023 to 25% in 2024. Given the extensive access most store manager PCs have via the network, a criminal might use the computer as a point of attack to see what else on the network they can access — user credentials, employee data, customer data, even corporate records.

An important reality is that backoffice PCs are frequently used for non-company activities, such as when employees check their personal email or play video games during work breaks. But they may also be used as central stations for store employees to clock in and out, and for managers to coordinate employee schedules and other management responsibilities. 

More attention should be paid to store manager PCs because they are vital to not only the overall organization, but also to the operation of the store. If compromised with ransomware, for example, they could effectively hinder the ability to open and operate the store. Retailers should be exploring a managed detection and response (MDR) solution, which helps safeguard the store manager computer against ransomware and other methods of attack. It can also notify key stakeholders of a compromise quickly and enable them to take appropriate action and protect other connected assets.

While bolstering cybersecurity should be a year-round endeavor for retailers, the holiday shopping season presents a deeper sense of urgency to safeguard against cybercriminals. Those looking to get ahead of cyberattacks before they happen should begin taking stock in their cyber defense system — particularly their in-store devices — today.