For retailers, the story is usually one of the same: surviving the busy season. With increased customer demand, staffing requirements and dependencies on supply chains, the busy season has long stood as the greatest risk facing retailers.
But today’s market is showing an increase shift when it comes to risk. As retail has emerged as an “always on” industry, savvy retailers are noticing that risks aren’t just coming from their busy season, but are instead present in everyday retail events. From weather-related supply chain issues to food-borne illnesses, theft and even security breaches, today’s retail environment is fraught with everyday risks.
When combined with pocket journalists, who can seamlessly channel their bad experience into a national media frenzy, today’s retailers can easily have their brand reputation tarnished from even the slightest slip.
To stay ahead of risk, retailers must ensure that they are not only looking at the tangible risks that affect their retail locations. They also must think beyond the brick-and-mortar to evaluate the numerous emerging digital risks.
How can retailers ensure that their retail environments meet today’s demands? From my experience, it’s all about proactively addressing the industry’s biggest risk sources.
Every time a credit card is swiped, retailers open themselves up to potential breaches, as they are now in control of a customer’s data. For most retailers, this data is purged within 24 to 48 hours, but given the volume of daily transactions in both physical and online stores, at any given point retailers are still in control of thousands of transactional records.
Given the numerous risks that customer data bring to retail, cybersecurity concerns remain a top focal area for retailers. In fact, a 2017 BDO Retail RiskFactor Report found that 100% of retailers cited cybersecurity as a concern, with 78% concerned about data privacy and security regulations.
Retails should regularly evaluate their data breach protocols to ensure that they are secure against all emerging threats. This includes a regular evaluation of their data purging processes to ensure they exceed industry standards. Additionally, retailers should also conduct executive-level risk training for their C-Suite to educate all enterprise leaders on their role in dealing with these risks.
Whether intentionally or unintentionally, employees remain one of the biggest risk factors for retailers. From daily actions that end up on a viral video, the accidental leaking of undisclosed information or even the use of a social channel to complain about their day, employees can easily tarnish their employer’s brand if they are not careful.
Retailers should develop employee training programs dedicated to minimizing brand risk. These programs should take the time to properly educate employees on their role as an extension of the brand.
Likewise, risk reporting and remediation strategies should also be discussed with employees and managers to ensure that all have a proper understanding of appropriate protocols. Not only will this help keep teams operating in unison, but it will also provide leadership teams with the data they need to stay ahead of emerging risks.
While they don’t share a brand name, supply chain vendors can bring numerous risks to retailers. Oftentimes, retailers place their focus on monitoring their own brand for risk, but it is also important to actively monitor their vendors to negate potential risks before their brand becomes involved.
One of the more common ways I’ve seen vendors hurt retailers has been when they are not following proper business standards. This can include anything from inhumane work conditions to employee mistreatment and even child labor. Because such conditions ultimately affect the product that their customers are purchasing, retailers must understand that their vendors are integrated into their larger brand perception.
Retailers should continuously monitor their vendors to properly understand their media perception as well as recognize risks before they snowball into larger issues. If risks do arise, response plans should be in place to quell these risks and separate the brand from the vendor.
If there’s a smartphone in someone’s pocket, then there is a retailer at risk. From employees’ misconduct to bad customer experiences, consumers quickly flock to the Internet to post about their experiences.
The expansiveness of social’s reach can transform a retailer’s brand perception seemingly overnight, something that we have seen in the news far too often with airlines, fast-casual restaurants and numerous other brands.
To combat the social environment, risk managers should consider developing a triage plan aimed directly at social media. These plans will help them evaluate emerging social risks to determine their ability to pose a larger impact, as well as have set plans in place to act upon risks before they grow.
Being Proactive Starts From The Ground Up
Knowing about risk is step one, but retailers must develop remediation strategies and ensure that everyone throughout the organization is trained on proper risk management processes. From hourly workers up to corporate execs, employees should be trained on their role in identifying and resolving risks.
Remember, risk is never one and done, and today’s retail market shows us that new risks will arise with each new event. By taking a more proactive approach to risk, retailers can better ensure they are ready for the future.
Quin Rodriguez is VP, Strategic Marketing at Riskonnect. He joined the company with 18+ years of Executive Sales Management and Leadership experience, with 10 of those in the GRC Industry. He has been immersed in Governance, Risk, Compliance and Audit from companies such as MetricStream, Wolters Kluwer Financial Services, and Neohapsis to Supply Chain Management and BPO services for Sutherland Global Services and ModusLink. His primary industry focus the past 10 years has been in BFSI, Retail, Tech & Communications and Manufacturing. Rodriguez is responsible for leading Riskonnect's strategic vision to drive growth and engagement in the Integrated Risk Management market.