
Helping Merchants Protect Themselves: Cybersecurity Tips from a Former White House CIO


In a world full of open technology, the devices that make our lives easier also leave us vulnerable to being hacked, according to Theresa Payton, former White House CIO and star of the CBS series Hunted. Payton recently joined me for an exclusive ACI cybersecurity webinar, sharing expert insights into how merchants can enable growth, enhance the customer experience and prevent greater instances of fraud.


Protecting the most vulnerable

Oftentimes, humans are considered the weakest link in the cybersecurity chain, but for Payton, today’s hyper-connected world is placing us in a vulnerable position.

“All technology by design today is designed to be open,” explained Payton. “It has Bluetooth, it has WiFi. It’s technology we all know and love. It’s part of our daily lives, but because it’s designed to be open, it is always at risk of being hacked.”

For Payton, this means that organizations must design security strategies that create a safety net around the user, helping to limit the impact of a potential hack.


Cybersecurity with humans in mind

Payton’s first piece of advice is to acknowledge that statistically, it’s likely that an employee will click a malicious link. In one survey, almost 70 percent of participants were fooled by emails that appeared to be sent from co-workers. As Payton points out, simply asking people to not click links is a battle that has been ongoing for more than 15 years. It’s safe to assume that someone will click a malicious link at some point.

Operating under this assumption, Payton suggests that retailers (and all organizations) do three things:

1. Create a safety net around users – By limiting permissions and segmenting systems, retailers can limit the impact of any phishing intrusions. As Payton points out: “Segmentation doesn’t have to just be ‘my network is segmented,’ or ‘my data is segmented.’ It could be the humans and their user access controls are segmented.”

2. Employ a virus scanner – Employees should be required to use a virus scanner before clicking any links. Virus scanners allow employees to copy and paste links, which are then cross-checked against dozens of databases to see if they are malicious.

3. Use a virtual machine – Set up rules so that all links and attachments open in a sandbox or virtual machine that operates outside of your corporate network. If a malicious link is then clicked, it won’t be able to reach your critical systems.


Want more great insights into how you can merge seamlessness and security while still enabling growth? Watch the full cybersecurity webinar on demand, or download our eBook, "Delivering Multi-Dimensional Fraud Prevention," to find out how ACI ReD Shield keeps fraudsters at bay with multiple layers of control.


About Theresa Payton
Theresa Payton is one of America’s most respected authorities on internet security, data breaches and fraud mitigation. She was the first female to serve as White House chief information officer and was the star of the CBS series Hunted. In 2017, Theresa was named #4 on IFSEC Global’s list of the world’s top 50 cybersecurity influencers in security and fire.