Cyber security should be top of the shopping list for retailers, a specialist group set up to beat computer crime said yesterday.

The Bermuda Cyber Threat Intelligence Group said that hacking risks were real — and could hit firms’ reputations and profitability.

The group, made up of professionals drawn from business and IT, was speaking after supermarket chain Arnold’s was last week hacked — leading to customer card details being compromised by crooks.

Cybersecurity group member and KPMG senior manager in the firm’s IT advisory team Chris Eaton said: “Bermuda consumers have a valid expectation that any personal data they share with a local retailer will be securely managed and stored.

“This is not a ‘tool’ discussion, but rather it’s about people, processes and technology coming together to address risk.

“As the techniques available to cybercriminals evolve, so too must the countermeasures.”

Fred Oberholtzer, a group member and KPMG IT advisory cybersecurity chief, said that efficient information-sharing by IT professionals was key to tackling the problem.

Mr Oberholtzer added: “The Bermuda Cyber Threat Intelligence Group was set up for this purpose and it our hope that today’s advisory will help to signify that change is coming.

“As a group we are committed to helping to address the cybersecurity issues faced by Bermuda.

“We are fortunate that we have a well-qualified community of local specialists who are willing to assist.”

Gibbons Group CEO and chairman of the Chamber of Commerce retail division Paula Clarke said: “Bermuda may seen an unlikely target for cybercrime, however, this type of activity can and does happen here.

“The fact is that all retailers, regardless of size or geography, are at risk and retailers in Bermuda are not immune.”

Group member Ronnie Viera, the chief operating officer of First Atlantic Commerce, said that — in the wake of the Arnold’s attack — the group had issued and advisory highlighting steps businesses should take to boost data protection and cybersecurity.

These include:

• Not using vendor-supplied default passwords.

• Keeping software security up to date.

• Ensuring a good firewall is in place and maintained.

• Restricting access to business networks.

• Training staff in security measures like not opening suspicious e-mails and being alert to fraudulent attempts to obtain passwords or confidential details.

• Ensuring wireless technology is secure and encrypted.

The group also suggested that sensitive data should be encrypted when sending it over the internet and when it is saved to USB sticks, disks or tapes and that businesses consider insurance to cover fraud losses.

Mr Viera said: “By issuing this advisory, we hope to support our retail community by highlighting some the real-world concerns facing Bermuda’s retailers and their customers.”