Ransomware Attacks Are Trending. Protect Your Brand in 5 Steps.

It all happens in a matter of moments. An email appears in your inbox titled, “Important – Please Read.” You click it open and see an urgent message that an accessibility glitch requires you to upload your brand’s manufacturer invoices ASAP to an approved online portal. You follow the upload link provided in the email, enter your employee credentials, and submit the invoices. After sending a follow-up email confirming that you’ve completed the task, you return to work. Nothing out of the ordinary, right?

Wrong. You have just fallen victim to one of the most common tactics that cybercriminals use to breach your fashion brand’s security – phishing. Your brand’s designs, patterns, funds, and corporate, customer, and employee data are all now compromised by a cybercriminal hiding safely behind a screen. Worst of all, your brand has a fashion PR nightmare brewing that could tarnish its reputation. Can this security breach be identified, contained, and resolved quickly? Or will it be too little too late? How could this be prevented in the future?

These are all important questions for high-end fashion brands to consider as e-commerce and technological innovations continue to revolutionize how business happens between brands, manufacturers, and their customers. With a greater reliance on cloud computing technology to store vast databases of sensitive brand information, having a proper, up-to-date security posture has become more important than ever. The recent ransomware attack on Italian high-end fashion juggernaut, Moncler, demonstrated that no brand is truly safe from a cyberattack. Fortunately, fashion CEOs and CTOs can take steps to mitigate cybersecurity risks and protect their brand and its image.

1. Identify Data Points to Secure

Building a strong security posture for your high-end fashion brand begins with understanding what specific data points cybercriminals likely want to exploit:

1.  Intellectual Property – Your designs, patterns, patents, design instructions, etc.
2.  Customer and Employee Data – Including names, emails, addresses, locations, credit card information, and social security numbers
3. Corporate Data – This includes partnership and manufacturer information, financial records and invoices, and banking information. 

Identifying and securing these data points in your network is the first step in protecting your brand from cybercrime. Any leak of brand information could damage years of hard work and business relationships. Paying out a ransom to avoid a data leak has heightened repercussions that could seriously damage your brand’s funds and overall reputation.

2. Evaluate Your Current Security Posture

Potential risks exist all across your brand’s corporate network, from digital design and data analytics to online transactions and supply chain operations. Holes in your security are heightened if you lack in-house IT specialists to monitor your brand’s network for any potential threats. Typically, smaller fashion brands may not have this luxury compared to their larger counterparts and opt to trust third-party service providers with handling their internal tech security operations.

However, allocating these operations to a third-party service provider requires that the outside party be the one to manage and store sensitive information. That automatically poses even greater challenges to protecting the intellectual property, customer and employee data, and corporate data of the brand. Plus, an outside partner’s cybersecurity strategy to identify, contain and resolve security breaches may vary from the protocols that your brand expects.

Therefore, regardless of its size or internal resources, every fashion brand will need to examine its current security measures and evaluate how effectively they can identify, contain, and resolve a security breach. One of the best tools to use in this evaluation is a Breach and Attack Simulation (BAS). This cost-effective approach uses a third-party cybersecurity company to simulate a real-life data breach scenario to aid your brand in:

1.  Finding weak points in threat response
2. Identifying potential incidents that can come from within your organization
3. Determining if your protection systems are up-to-date
4. Reviewing whether your third-party service provider conforms their conduct to fit your privacy and security expectations

With these data points collected, your brand can begin to develop an effective company-wide cybersecurity strategy to identify and mitigate risk.

3. Educate Your Employees

Eighty-five percent of all cybersecurity breaches occur due to the human element. Simply put, your employees are the weakest link in protecting your high-end fashion brand’s intellectual property. Without knowing it, they can provide cybercriminals with the best entry points to your databases. With phishing and social engineering tactics being the most prevalent forms of attack, it is crucial to implement employee awareness training. You should look to include these elements in your security curriculum:

1. Most common types of attack vectors
2. Using secure access protocols
3. Employee roles in the event of an attack
4. Annual or bi-annual refresher courses
5. Safe browsing while on the corporate network

Classify and Encrypt Your Data  

Not all data within your brand needs to be accessed by every employee. Does a content marketing intern need access to banking information? Do sales representatives need to know about manufacturer invoices? Classifying your brand’s data and assigning the appropriate permissions is a helpful tool in preventing access to particular data sets within your brand should a breach at the employee level occur. You can classify your data into three categories:

1. Highly confidential – Credit card information, customer names and addresses, employee and company passwords, payroll, financials – this information should only be accessed by high-level employees.   
2. Sensitive – Internal audits, financial reports, product designs, partnership agreements, marketing plans, email marketing lists – this information is more readily-available to your employees, but like highly confidential data, can only be accessed if granted the right permissions.
3. Internal Use Only – This is for smaller sects of data like emails and old receipts, where your brand, employees, or business partners won’t be affected if this information leaks.

Once you have classified your data and granted access and edit permissions to the appropriate parties, your brand can add a further layer of security through a technique known as encryption. Encryption is where data is encoded and scrambled into complex codes that are virtually unreadable and unusable to anyone who does not have access. It acts as a shield against cybercriminals who successfully breach your security system.

Backup and Store All Designs, Patterns, and Prints

Image from HP.com

Every design, pattern, and print you create should be backed up and stored in a safe, secure location. If a security compromise leads to a loss of intellectual property, your brand can recover it to begin building back its reputation. There are two types of data backup and storage options to consider:

1. On-premises storage – These include devices like external hard drives and Network Attached Storage (NAS) that your in-house IT team can control, administer, and maintain.
2. Cloud storage  – Here, data is backed up by a cloud service provider that will control, administer, and maintain all hardware and software. 

Keep in mind, if you decide that cloud storage is your high-end fashion brand’s best data backup solution, you’ll want to address a few criteria when negotiating a terms of service agreement with a cloud provider:

1. Have clear privacy and security expectations. – You’ll want to understand how a third-party’s cloud services work before granting them access to your brand’s sensitive data. Laying out a definitive list of expectations sets a standard of quality that the service provider must meet. 
2. Request security and auditing. – This ensures that your cloud service provider lives up to the privacy and security expectations laid out in the terms of service. 
3. Review and understand any service level agreements (SLAs) for system restoration and reconstitution time. – If a security compromise occurs, the SLAs for system restoration and reconstitution lay out a plan for how your data will be recovered, restored, and secured.  

Security breaches are inevitable. Like it or not, cybercriminals out there stand to gain something by disrupting your high-end fashion brand, its operations, and overall reputation. Fending off a security breach to prevent a compromise of sensitive brand information takes a coordinated effort requiring all employees and parties to act and respond accordingly. By having up-to-date security postures in place, you set your brand up with the tools and resources needed to reduce and successfully thwart cybercriminals before they can carve out their malicious paths of destruction.