Defense Of A Different Kind
Image: Sikov / Adobe Stock
Today’s consumers are as likely to browse on their mobile devices as they are to walk the aisles of a brick-and-mortar retailer. The internet isn’t a fad, and tomorrow’s consumers aren’t likely to even know about The “Yellow Pages.”
Yet, being online is also more than just posting a website with directions and store hours. This is true of retailers who aren’t offering online sales. Simply being online today is expected, and it’s where first impressions can be made.
“We believe our online presence is very important. Not only for advertising and letting people know what types of things we have available, but also for just interacting with our customers,” explained Jeremy Ball, president and owner of Sharp Shooting Indoor Range & Gun Shop in Spokane, Wash.
As Ball told Shooting Industry, too many retailers — and not just in the shooting industry — may collapse because they don’t take their online presence seriously enough.
“Where they fail is by not interacting with their customers,” he added. “They fail to respond to comments, suggestions and questions. This happens for a lot of reasons but if you’re posting online content, you should be responding to comments, concerns and anything else brought up by your followers as quickly as possible. Yes, it takes a ton of work, but you’ll see the results and have customers comment to you about it immediately.”
Even for shops that don’t have an e-commerce business, it’s important to maintain a reasonable site to draw in foot traffic.
“Although our primary focus is not on an online store, it provides several key benefits. It allows our customers to browse our product offerings, understand what we have in stock and send us inquiries,” noted Alex Hague, co-owner of VRA Range, which operates a location in Ohio and another in Indiana. “Our commitment to customer service is enhanced through this platform, enabling us to engage with and assist our customers more effectively.”
The Importance Of Online Security
Firearms retailers are already expected to be well-versed in ensuring the merchandise is properly secured, while cameras and alarms provide an additional layer of protection.
However, in the digital age, it doesn’t go nearly far enough. All retailers who maintain any customer, client, vendor, employee or other data related to the business on a computer need to ensure all this information is protected and secured.
“If you are in any business, you want to protect your customer’s information,” said technology industry analyst Rob Enderle of the Enderle Group. “Customers won’t trust or use you if they find you didn’t protect their data, and you could be liable for any damage done to them because of this data theft.”
Moreover, retailers today produce more and more data daily, and while much of it may seem mundane it isn’t often the case.
“Bad actors can use a lot of seemingly worthless data to perform social engineering attacks with a much better success rate,” suggested Erich Kron, security awareness advocate at cybersecurity training provider KnowBe4. “For example, if a cybercriminal knows a customer placed an order from a company, they could easily call and claim to be from said company with a follow-up question or pretend to have a special deal. By citing previous order details, they can convince the target they’re representing the organization.”
In June, KnowBe4 entered into an agreement with NSSF to enhance security awareness efforts and bolster the overall security culture of its member organizations. KnowBe4 is helping educate the industry about the importance of data, and why it needs to be protected as much as the actual firearms in a shop.
“No organization is too small to be a target, and no industry is immune to attacks. Every company out there has information about customers, vendors, and employees,” Kron told Shooting Industry. “Organizations also need to be aware of places where data may be stored that they are not considering. It is not uncommon to find someone is using a spreadsheet program to pull information from a database for further processing. This is not necessarily a bad thing, as it can improve efficiency and make the job easier.
“However, it’s important organizations understand all the non-traditional places where data may be stored, so it can be properly protected.”
Access to information should be limited. Movies and TV may suggest hackers use advanced software to breach a computer or network, but oftentimes, it’s the social engineering described by Kron that poses the greater danger. This is where someone is tricked into providing a password or other information — and all too often humans remain the weakest link.
“You should be making sure you’re limiting access to that information and updating passwords and security settings regularly,” advised Ball in Washington. “At the end of the day, you don’t want to be the one found to have negligently handled the personal information of your customers. If it doesn’t affect you financially, then it will in how they perceive your store.”
In addition, cybersecurity experts suggest the best way to secure data is to delete it once it is no longer needed. All too often, organizations retain far more data than they need to, and it has caused significant issues when a data breach occurs. As simple as it sounds, if the data isn’t there, it can’t be used against you or your customers. For the firearms industry, however, there is a lot of information that needs to be maintained. And it needs to be secured like a firearm.
“Wherever possible, data should be encrypted when not being used,” noted Kron. “Many modern software packages allow for encrypting data, including the most popular spreadsheets and other office-type products. By encrypting data, it makes anything the attackers may steal useless and protects it from being leaked.”
An Alphabet Of Regulations
The gun world is already full of acronyms and industry-specific terms, but those on the retail side of things should plan to add a few more related to e-commerce and security. This includes a literal alphabet of regulations. Even those who don’t conduct online sales should still be familiar with Payment Card Industry Data Security Standard (PCI-DSS) 4.0, a set of rules and guidelines designed to help organizations that handle credit card information.
“Any merchant should ensure they are at least PCI-DSS compliant, which ensures a minimum standard of secure storage of customer information collected during a sale as well as standards for protecting systems and networks from a cyber-attack,” said Ross Biddle, NSSF chief information officer. “Smaller merchants may want to engage outsourced vendors and cloud-based systems able to offer more security and protection and less maintenance and upkeep. This is an area that makes sense to modernize and spend appropriately on and shop owners should look to leverage expertise likely not found in-house.”
Likewise, there are now privacy concerns in place in some states, notably the California Consumer Privacy Act (CCPA).
“This is another area where it makes sense to engage with a third party that has expertise in compliance across all of the states where sales may occur and can stay abreast of the constantly evolving compliance and security landscape,” Biddle suggested.
“When operating online, we must comply with various data protection laws,” added Hague. “We need to ensure our website and online systems are secure, using encryption and other security protocols to protect transactions and personal data. Protecting customer data and respecting user privacy are top priorities for us.”
