Women’s apparel retailer Forever New speaks to Retailbiz about how brands can safeguard their online systems from cyber attacks.
As a rapidly growing company at the precipice of the e-commerce boom, Forever New relies heavily on cloud-based communications.
With the retailer trading online in more than 20 countries, cyber safeguards are crucial to business operations and consumer purchasing behavior.
For Forever New, the transition to a cloud email platform has brought with it both operational efficiencies and a host of security challenges.
Not long after launching the cloud platform, Ben Tobgui, Group IT Operations Manager at Forever New, noticed a sharp spike in spam, phishing, malware and impersonation attacks.
The increase in attacks prompted the brand to rethink the way it manages cyber threats internally.
To understand the severity of the risk, the brand conducted a fake phishing test. The results were startling, with 65 per cent of staff clicking on the scam and 30 per cent entering their login details.
The results sparked a valuable step-change within the organisation, Mr Tobgui told Retailbiz.
“It taught us that the end user is key to cyber security, which triggered a number of internal training programs.”
The brand now has a comprehensive cyber safety module for all new and existing staff.
Educating staff at all tiers of the organization about cyber-safe behaviour is the best thing you can do to safeguard systems, Mr Tobgui says.
“You have to have a multilayered approach – you’ve got to look at email being a major part of the threats but also endpoint protections, firewalling, rules on the network and user education.”
A cyber resilience plan that touches every element of the organization through relevant training is equally critical, he says.
“Regardless of a retailer’s size or structure, however, cyber security and cyber awareness is a whole-of-business responsibility, with everyone from the C-suite to the fulfilment centre or shop floor educated and engaged in planning, preparation and response.”
Tackling the threat headfirst
While most businesses rely on service providers to protect business-critical functions, this is “a recipe for disaster,” Mr Tobgui says, often leading to reputational damage, operational issues and financial losses.
Instead, businesses should develop a comprehensive understanding of how emails are filtered so that legitimate communications from customers aren’t lost in the ether.
“It’s painful and damaging to our brand if we get false positives, which means legitimate emails from our customers and suppliers are blocked,” Mr Tobgui said.
“All email security providers have a different approach to filtering emails, so it’s important to understand how a filter ‘learns’ who you communicate with in order to minimise false positives and maximise experience.”
While some of these exercises may be time-intensive and costly, Nick Lennon, country manager of Mimecast Australia, Forever New’s cyber-partner, says the costs of protecting systems drastically outweigh the risks.
“Downtime comes with a particularly hefty price tag. If you consider that the average downtime Australian organisations experience following a ransomware attack is three days, the financial damage can quickly add up, not to mention the intangible costs associated with being offline.”