Are you Scan and Go Ready?

Originally published on LinkedIn May 16, 2019

Wherever you go today, whether Starbucks or Taco-Bell, screens are in – touchscreens that is. More than likely your fingers will interact with a digital device at some point, whether swiping a tablet to pay a bill or signing a receipt or else ordering your favorite espresso on a kiosk.

And thanks to the flurry of new cashierless checkout technologies like Amazon Go, waiting in a grocery store checkout line like it’s 1976 will soon be a thing of the past. Just scan your smartphone to enter the store and you’re good to go.

But while all of this new technology is a great thing, it also creates plenty of corporate challenges. Unfortunately, one of the tradeoffs has been a sharp rise in hackers and cyber-attacks in recent years. Retailers today are more vulnerable than ever to phishing, malware, and other infiltrations that can steal millions of financial records in no time.

That’s why it is more incumbent than ever for you to pay attention to your customer endpoints in a secure, seamless way that boosts customer confidence and avoids disasters like data breaches and lost financial information?

Below are 5 best practices, lessons learned, and security tips that will help ensure your retail management and security strategy is “scan and go” ready.

1. Nearly Half of U.S. Enterprises Have Experienced Recent Data Losses

The two major focus areas that often are not stressed enough by enterprises are device management and security. Let’s face it, everyone likes all the new shiny objects, but getting down to brass tacks about securing the devices isn’t always as popular. A recent report by technology advisory firm IDC says that greater than 40% of U.S. enterprises say they’ve had a data loss issue in the last 12-18 months.

To survive in today’s high-stakes retail race means providing your customers with a Device management fleet solution that delivers seamless, secure, and elegant customer experiences. Device security is more important than ever. Doing so will save countless headaches, protect your corporate assets, not to mention save your company millions of dollars in legal fees.

2. Retail Hackers are More Aggressive than Ever

It seems like every time we turn around today, we’re hearing about another major data breach. In fact, some of the most popular companies have been the target of hackers in recent years. Chipotle, Equifax, and Uber were attacked in 2017. And Chili’s, the well-known food chain, believes that in the spring of 2018 malware was used in its restaurant payment systems to gather credit and debit card information.

The message should be clear – if major corporations fall victim to major data breaches, then no one is immune. Retail devices such as digital tablets, POS, and kiosks are especially vulnerable as they are the conduit for millions of shoppers’ names, addresses, emails, credit cards, passwords, or other personal and financial information.

Who can also forget the Target Corporation data breach of 2013? That debacle ended in the theft of 40 million card numbers and 70 million personal records. The breach started after a third-party vendor was attacked through a phishing virus. Since the vendor had access to Target’s Ariba external billing system, and since Target had poor network segmentation, the hackers were able to easily gain unlawful entry to Target’s entire system.

3. Your Management & Security Strategy Probably Isn’t Good Enough

Let’s face it, the likelihood exists that any honest enterprise is not going to be completely satisfied with their current state on security and device management. But the honest truth is that retailers need to manage and secure their device fleet to achieve full operational efficiency, protect assets, and preserve peace of mind. Today, it goes without saying that that every bit of hardware and software in retail devices must be fully compliant with the most stringent security measures.

4. Adopt These Five Device Security Tips

To ensure that your device fleet (kiosks, smartphones, POS, etc.) is fully protected and compliant against cyber-attacks or malware, the following steps should be taken into account by any serious enterprise today.

1.    Ensure all device software is from a known and trusted source 

Regular compliance checks and updates are critical for ensuring that all software is free of malicious code or malware that can infiltrate the enterprise infrastructure.

2.    Encrypted manufacturing protocols

Any type of unsecured manufacturing process is going to create another entry point for criminals to introduce unauthorized code into production runs. Therefore, ensuring strict protocols starts with hardware security modules (HSM’s) and other digital certificates to ensure full code authenticity.

 3.    Secure code signing

Code signing is a critical part of affirming the efficacy of your source code and scripts. Make sure that it comes with the use of a cryptographic hash to validate authenticity and integrity.

 4.    Secure boot with chain of trust

Secure boot is designed to protect your devices against malicious code by ensuring only authenticated software runs on it. Secure boot goes hand in hand with chain of trust and is an integral part of any data management and security strategy.

5.    Encrypted key management

By including encryption key management with other data protection measures, companies will be able to manage the primary steps involved with protecting, storing, and backing-up their mobile device fleet.

About Esper

Developers building applications for Dedicated Devices need a platform that will allow them to efficiently and securely create, deploy, and manage Dedicated Devices at scale. Current solutions are meant for managing user-centric enterprise devices and do not address the unique needs of Dedicated Device fleets.

Esper is a platform for developers to deploy applications seamlessly and move beyond standard management tools to securely Orchestrate their Dedicated Devices in the field. We are focused on developers by taking an API-centric, language-neutral approach. Our tools enable developers to tackle the big challenges of Dedicated Device development such as identifying, debugging and resolving issues with their apps and devices in the field.

We streamline the process for building, deploying and managing apps on Dedicated Devices for POS, Restaurants, Kiosks, Logistics, and Transportation at scale. But Esper can be applied however you need it for unique Dedicated Device fleet solutions.

For more information contact Esper