Securely managing retail projects
Published on 16 October 2018
Retailers, the situation is critical. Whether you’re a distributor or an e-commerce manager, the massive quantities of data that pass through your hands could place your business activity in jeopardy. How, you may ask? The volumes of information you store are a goldmine for hackers if they can figure out how to slip through your net. To guard against this, best practices include integrating data security right from the get-go, by applying a “security by design” approach. Your best bet for iron-clad protection: work with a service provider you trust, and whose data security expertise is tried and true. To help guide you, we’ve compiled a list of the steps a conscientious Information Systems (IS) decision-maker should take for proper protection.
Step 1: Identify a sensitive project
An IS project is considered sensitive if it involves any data — whether personal or not — for which a loss of integrity would have an impact on the host company. The consequences of a security breach could be legal, financial, or operational in nature. Whatever the case, they will be damaging to the brand image.
To protect against the most common cyber-attacks, MANQUE LE LIEN >> such as ransomwares, your service provider must implement a cyber-resilience approach with the security manager right from project launch. The ISO 27001 standard and indications provided by the CNIL should be considered minimum best practices when evaluating your cybersecurity.
Beyond the kick-off phase, data safety should remain an important part of company policy, meaning that a designated contact should be assigned to it at every project milestone.
Step 2: Ensure data security during project implementation
During project development, the MANQUE LE LIEN >> rules to implement in order to secure your system are defined by the SaaS service provider:
- Password security;
- Preventing the installation of malware;
- Data encryption;
- Traceability of operations performed on machines and intrusion detection;
- Data backup and restore.
At Generix Group, these cyberprotection actions are performed in-house: all information is stored on the company’s SaaS server, except for passwords.
Access must also be secured client- and provider-end. Companies must remain vigilant with respect to professional equipment theft and notify service providers so that they can restrict access remotely. When employees leave the company, it is imperative to revoke their rights to services and software they had access to.
At Generix Group, a single procedure offers connection to a client’s internal address book. When an employee leaves the company, the client address book transmits this information to the Generix Group address book automatically. The information is deleted instantly, thus ensuring data security. Conversely, new company arrivals are managed directly so that they are immediately operational in the company.
Step 3: production launch quality control
Right before production launch, care must be taken to verify that the commitments made by project teams were made operational.
This is the case at Generix Group, where project teams implement test phases for all applications. Code audits and intrusion testing are also carried out by an ethical hacker in lean startup mode (continuous improvement) shortly before production launch. The goal is to refine the data security measures implemented late in the game.
