NRF Cancels PROTECT 2020 Conference in June

NRF has been tracking the rapid spread of the coronavirus pandemic with great concern. Like all of you, our first priority is the health and safety of our staff, communities and the people we serve.

Following guidance from the CDC, NRF has decided to cancel NRF PROTECT 2020, scheduled to be held in Pittsburgh this June.

Because we are committed to finding new ways to provide value for you during this challenging time, NRF will provide free digital content for retail loss prevention and cyber risk professionals, available in September 2020.

Exhibitors and sponsors will be contacted over the next 3 weeks to discuss how they wish to handle monies already paid to NRF. There will be a variety of options, including transferring money to other NRF events (NRF PROTECT 2021 or NRF 2021: Retail’s Big Show based on availability), sponsoring online content being created or receiving a refund.  Read more here.

RLPSA Postpones its Annual Conference to March 2021

The Restaurant Loss Prevention & Security Association (RLPSA) announces the postponement of its Annual Conference to March 15 – 18, 2021. The Renaissance SeaWorld Orlando remains the venue of the 41st Annual Conference hosting restaurant, grocers, and c-store loss prevention, safety, and risk professionals.

“The restaurant industry is going through an unprecedented time of change during this COVID19 crisis,” said RLPSA Executive Director Amber Bradley. “We postponed the conference so both our restaurant members and our solution provider partners can focus on their operation and employees. RLPSA stands ready as a resource to help our industry recover by providing relevant, practical assistance.” d-ddaily.com
 

Coronavirus Update: March 30

Reported U.S. Deaths Double Since Friday

US: 144K+ Cases, 2,527 Dead -- Globally: 741K+ Cases, 36K+ Dead

15 Day Nationwide Stay-At-Home Order Extended Another 30 Days
New York mayor pleads for help as U.S. coronavirus toll mounts
New York City Mayor Bill de Blasio on Monday pleaded with the Trump administration for more medical supplies to battle the coronavirus, saying the death toll in the city, a key epicenter of the outbreak, would rise if help did not arrive by Sunday.

“If we don’t get more consistent federal help in a growing crisis, there’s a danger we start to lose lives that could have been saved,” the New York City mayor said in an interview with CNN. “Sunday is D-Day, we need help by Sunday.”

Hospitals in New York have been overrun with patients suffering from COVID-19, the respiratory illness caused by the virus. New York state accounts for almost half of the country's 141,883 cases and more than a third of its 2,477 deaths, according to a Reuters tally. The United States has the most cases in the world.(Graphic: tmsnrt.rs/2w7hX9T)

“If we do things together well - almost perfectly - we could get in the range of 100,000 to 200,000 fatalities,” Dr. Deborah Birx, coordinator of the White House’s coronavirus task force, told NBC’s “Today” show.

Dr. Anthony Fauci, a top U.S. health official, cited those figures on Sunday as a possible outcome, but Birx’s assessment appeared to suggest the figures could be a floor rather than a ceiling.

The New York Times reported earlier this month that models from the U.S. Centers for Disease Control and Prevention projected that 200,000 to 1.7 million people could die and between 160 million and 214 million people could be infected. reuters.com

Using Facial Recognition to ID People with Coronavirus

Facial recognition companies are pitching the technology as a sanitary alternative to fingerprint scanners

The Covid-19 crisis enveloping millions of people around the world is also presenting an unlikely business opportunity for one sector of tech: facial recognition technology. Companies including DERMALOG in Germany and Telpo in China are pitching the technology as a method for identifying individuals without the risk of close contact.

Fingerprint scanners, for instance, require that many people touch the same surface, which could potentially spread infection if someone with Covid-19 were to use an unclean scanner. Businesses in India are being directed by police to ditch fingerprint authentication in lieu of facial recognition or ID cards, and the NYPD is pausing its fingerprint entry amid coronavirus concerns.

Companies eager to make facial recognition the default form of identification are rushing to fill the void.

Russia is using facial recognition to track those who are leaving their quarantine. onezero.medium.com

Grocery Stores & Pharmacies Have Become "Super Spreading Virus Vectors"
A March 27 USA Today story asked whether grocery stores and pharmacies had become “super-spreading virus vectors” with touching shopping carts, freezer door handles, cardboard boxes and plastic packaging nearly unavoidable. A recent study in the New England Journal of Medicine found the virus was detectable up to 24 hours on cardboard and up to three days on plastic and stainless steel.

On Friday, Trader Joe’s temporarily closed eight stores for cleaning because workers had contracted the virus.

“The biggest concern about a grocery store is everyone wants to be there,” Virginia Tech epidemiologist Charlotte Baker told USA Today. “That means you’re closer in proximity than we’re recommending people be.” usatoday.com

Is Kroger’s pick-up only store a solution for grocers now and in the future?
A Kroger store in Cincinnati has converted to pickup-only due to the surge it has seen in online orders. A byproduct of the change may be that the store is now better suited to address many of the shopping challenges associated with the coronavirus pandemic.

“The pickup-only model is ideal for all customers, especially for senior and higher-risk shoppers,” Kroger said in a statement. “Because of the ongoing increase in grocery products and services at this time, it’s also important for our customers to know they may experience limited inventory options and longer wait times than usual.”

A survey of more than 1,600 shoppers from e-commerce platform ShopperKit taken from March 23rd to 25th found 31 percent used grocery pickup and/or delivery over the last 30 days compared to 13 percent in August 2019. Forty percent of people over 60 ordered groceries online for the first time.

Due to heightened demands, however, delivery wait times for some grocers are running more than a week. retailwire.com

ShopRite of Bloomfield, NJ, is going with the flow when it comes to social distancing protocols The grocer on Sunday debuted its one-way aisles to improve traffic flow amid the spread of coronavirus.

Workers say their employers aren't doing enough to keep them safe
Amazon, Instacart Delivery Workers Strike For Coronavirus Protection & Pay
Amazon warehouse workers in Staten Island, N.Y., and Instacart's grocery delivery workers nationwide plan to walk off their jobs on Monday. They are demanding stepped-up protection and pay as they continue to work while much of the country is asked to isolate as a safeguard against the coronavirus.

The strikes come as both Amazon and Instacart have said they plan to hire tens of thousands of new workers. Online shopping and grocery home delivery are skyrocketing as much of the nation hunkers down and people stay at home, following orders and recommendations from the federal and local governments.

Workers from both Amazon and Instacart want more access to paid sick time off. At this time, it's available only to those who have tested positive for the coronavirus or get placed on mandatory self-quarantine.

• Amazon workers want their warehouse to be closed for a longer cleaning, with guaranteed pay.

• Instacart's grocery delivery gig workers are asking for disinfectant wipes and hand sanitizer and better pay to offset the risk they are taking.  npr.org

Survival mode: retailers take extreme action
Non-essential retailers who are eager to re-open stores face hard choices after President Donald Trump on Sunday, March 30 extended national social distancing guidelines to April 30.

Now, some retailers have begun to extend their temporary closing dates while implementing extreme cash conservation measures to weather a public health crisis that strikes at the heart of retail as a social activity.

Amid great uncertainty around when it will be safe for non-essential store to re-open, retailers are implementing a wide range of cash conservation measures to ensure long term survival. There have been a barrage of announcements lately from companies who are cutting capital expenditures, suspending dividend payments, furloughing workers and reducing or eliminating executive compensation. retailleader.com
 

Why isn't this store closed?
Some retailers deeming themselves "essential" might think it's profitable to stay open during a pandemic. But they may be wrecking their reputations.

The scope is unprecedented: As of March 26, more than 40% of the retail floorspace in the U.S. was closed to the public, an amount that last March brought in $107 billion in sales, according to data from GlobalData Retail. It's a bleak situation that has endangered retail workers' livelihoods and companies' bottom lines.

It's unsurprising, then, that some specialty retailers and department stores have stretched that word, "essential," to include themselves — in many cases staying open over the objections of their own employees, who, as Retail Dive found in investigating the situation at supplements retailer GNC, are concerned about their health and safety, and that of their customers.

GNC is not alone. Hibbett Sports, crafts stores Michael's and Joann Stores, Guitar Center and department stores Sears and Dillard's, among others, have all kept locations open, some still even at press time. That has drawn headlines in the news, scorn on social media and criticism from analysts.

"The real reason behind all of this is that these retailers want to minimize losses," he told Retail Dive in an interview. "Some of them have very weak balance sheets already, others will be concerned about the potential long-term damage to their balance sheets and capitalization. That's really what this boils down to."

There's a real risk, however, that the move backfires. retaildive.com

Retail Layoffs & Furloughs

Macy's to Furlough Most of Its 130,000 Workers as Stores Stay Shut Because of Pandemic

Claire's announces a "majority" of store associates have been furloughed

Sally's Beauty furloughing some of corporate staff & workers related to store closures

Stage Stores will furlough "virtually all" store associates, and DC, field support employees

The Container store will furlough “a portion” of corporate employees

Tilly’s Inc. furloughs all non-management store associates & some corporate office staff

La-Z-Boy is furloughing 6,800 employees, around 70% of its global workforce
 

TOMORROW @ 2:00 PM EST
NRF Retail Members-only CARES Act Update Webinar

NRF policy experts will provide key takeaways from the CARES Act and the provisions that offer the most economic relief to retailers, associates and consumers during this difficult time.

Due to the large number of attendees, we will not be taking questions live during the webinar. Questions submitted before 12 p.m. ET, Tuesday, March 31, will be addressed at the end of the presentation. Please send questions to Covid-19@nrf.com with "CARES Act Question" in the subject line.

Click here to register.
 

U.S. International Home Delivery Expert Advice
Restaurant Delivery Safety and Security Risks

By Van Carney, Director, Loss Prevention, Safety & Security at Domino's

The Restaurant Marketing and Delivery Association (RMDA) reports the food delivery and takeout industry is growing with annual sales into the billions of dollars. With the recent COVID 19 crisis, delivery and carryout have become even more prominent. More than ever, restaurant businesses and restaurant franchisees need to understand and prepare for risks such as delivery safety, employee injury and auto accidents.

In a recent Restaurant Loss Cost Benchmarking Report, it was revealed an average workers’ compensation claim cost $5,000 annually over a five-year period and an auto liability claim averaged $7,900. The most common risk faced by delivery drivers were auto accidents, followed by slips and falls, then robbery. Most auto accidents were caused by distracted driving mainly because drivers were on their cells phones. Slip and falls were associated to uneven walkways, damaged steps, sprinkler heads in the grass, loose pets and poor or no lighting. Robbery issues were reported as a concern because drivers were easy targets because they were not in a secured environment and most likely to be carrying cash.  Read full article here

Open Invitation: Looking for Expert Advice for Essential Workers
From warehouse workers to the grocery stores to DLPM’s and RLPM’s traveling stores, we at the D&D Daily want to hear your advice when it comes to safety and security during this unique and challenging time in retail history. Email us here, whether you want to share a full article or just a couple short thoughts. Share your knowledge, advice and experience with your LP/AP peers, and we’ll all get through this together!
 

How coronavirus cripples the New York Mafia
The coronavirus has succeeded where lawmen like Bobby Kennedy and Rudy Giuliani failed for more than a century — by putting the freeze on the mob.

The wholesale cancellation of major sports in the face of the contagion has wiped out tens of millions of dollars in illegal gambling income, a “historic” blow to the Mafia, law enforcement sources told The Post. “There’s never been a time when they weren’t making money through gambling,” said one insider. “Since the days of Lucky Luciano, when the Five Families started.

Other mob mainstays have also been hard hit. The extortion of restaurants has fallen, with eateries ordered closed except for takeout and delivery, and construction rackets had been bringing in the bucks until Gov. Andrew Cuomo halted all non-essential projects on Friday, sources said.

“Construction’s a very big deal because it has a lot of branches,” one law enforcement source said, noting that goodfellas don’t just profit off jobs themselves but related ventures like trucking and the ports.

And with fewer businesses open and generating garbage, private carting companies, historically a popular mob enterprise, are also feeling the pinch, sources said.

Money-hungry made men may soon be forced to lean more on narcotics, which is still doing a brisk business even as much of the world grinds to a halt. nypost.com
 

Senior LP & AP Jobs Market

VP Asset Protection Job reposted for BJ's Wholesale Club, in Westborough-Home Office, MA
BJ's Wholesale Club was the first retailer to introduce the warehouse club concept in the northeastern United States. Today, we're a multibillion dollar operation with more than 200 clubs in 17 states from Maine to Florida.

The VP, Asset Protection is responsible for overseeing and validating all corporate Asset Protection, security, and related procedures within the field & home office. The VP, Asset Protection interacts continuously with the Directors of Field AP and RAPMs, as well as club management to talk through questions and issues related to protecting the company's assets and conducting investigations. The VP partners with business owners throughout the Field and Home Office to identify opportunities to protect assets, streamline processes and recommend potential solutions. This role is a subject matter expert in all asset protection-related technical skills, including CCTV, alarms, POS analytics, investigations and case management. bjs.com

 

Here they come!
Purported Brute-Force Attack Aims at Linksys Routers as More People
Work Remotely
The attack joins a general rise in malicious activity aimed at home users as many of the world's knowledge workers are sequestered at home in an effort to blunt the spread of the novel coronavirus. About 1,200 users have seemingly downloaded the malware between March 18 and March 23, the company said.

"While it's not uncommon for hackers to piggyback global news, such as the pandemic, to deliver phishing emails laced with tainted attachments, this recent development proves they are nothing if not creative in compromising victims," Bitdefender stated in a blog post on the attack. darkreading.com

Coalition Formed to Address COVID-19 Crisis
Cybersecurity experts come together to fight coronavirus-related hacking
An international group of nearly 400 volunteers with expertise in cybersecurity formed last Wednesday to fight hacking related to the novel coronavirus.

Called the COVID-19 CTI League, for cyber threat intelligence, the group spans more than 40 countries and includes professionals in senior positions at such major companies as Microsoft Corp and Amazon.com Inc.

One of four initial managers of the effort, Marc Rogers, said the top priority would be working to combat hacks against medical facilities and other frontline responders to the pandemic. It is already working on hacks of health organizations.

Also key is the defense of communication networks and services that have become essential as more people work from home, said Rogers, head of security at the long-running hacking conference Def Con and a vice president at security company Okta Inc OKTA.o.

“I’ve never seen this volume of phishing,” Rogers said. “I am literally seeing phishing messages in every language known to man.”

Rogers said law enforcement had been surprisingly welcoming of the collaboration, recognizing the vastness of the threat.  reuters.com

3 ways COVID-19 is changing CISO priorities
Big projects have been postponed indefinitely. Large organizations tend to have a few cybersecurity projects that require engineering, piloting, and cooperation with IT operations. These projects have been tabled for now — even if they were already progressing.

It’s all about securing remote users. This one is obvious but its also the reason why CISOs are so busy. The mandate from executives was to get employees up and running first and then address security afterward. CISOs have been fighting “bolt on” security cycles like this for years, but the virus has forced security teams to work uphill to catch up. This means on-the-fly risk assessments, controls adjustments, and lots of work in tandem with IT and network operations teams.

An immediate search for “quick wins.” CISOs are finding and patching holes as quickly as they can. In some cases, this means they are starting from scratch as they quickly ramp up product research, purchasing cycles, testing, piloting, and deployment. Despite this workflow, CISOs are looking for tools that can be easily installed and configured to mitigate new risks.

Budgets haven’t been cut yet and CISOs really don’t have time right now to deal with paper pushing. Rather, security teams are robbing Peter to pay Paul, grabbing money as they can to address the new reality. Some of the emergency purchasing needs include:

Endpoint security controls. There are two priorities here: providing network access and blocking malware. This equates to VPN clients and antivirus software — especially for employees sharing their systems with family members. Some are also looking at asset and operations management tools (a la Tanium) to turn unmanaged home PCs into managed short-term corporate assets.

Mobile device security. This was on the to-do list at the beginning of the year. Now that executives, high-value employees, and privileged account managers are working from home, mobile device security efforts have become a high priority.

Network security. CISOs are defaulting to VPNs to deal with a work from home population that grew from 20% to greater than 80% of employees in a matter of weeks. In some cases, basic VPN access has superseded more thorough zero-trust access projects that require time and planning for things like policy management. VPN growth is accompanied by the need for more firewall and other gateway appliances. Finally, I’m seeing increasing interest in secure DNS services, which is also perceived as a quick win.

Simple multi-factor authentication (MFA). Organizations that have success with MFA in small pockets are expanding these efforts as high-value employees migrate from office cubicles to their home offices. Again, the goal is to bolster security first and then fine-tune policies over time. csoonline.com

The Top 10 Employer Cybersecurity Concerns For Employees Regarding
Remote Work

Pause & Validate Spelling - Before Responding to Any Email

The solutions are basic. Employees need to be reminded (and tested) that legitimate groups do not request personal information. Verify any hyperlink before clicking on it. Be wary of any email insisting on immediate action. Generic greetings or an unfamiliar sender are other markers. And while bad spelling and grammar often signal phishing, beautifully written communiques can be just as dangerous. The best defense is common sense. Remote workers should get into the habit of pausing before responding.

Second, remote workers should be restricted to the use of company devices. Company devices meet minimal security benchmarks. Remote workers will be limited to company devices. If this is impossible, personal devices should be vetted by employer IT prior to being used for company work.

Third, remote workers must restrict themselves to home or other secure networks. The “free” WiFi available at cafes, libraries, or similar public places carry a steep security price tag.

Fourth, remote access should be limited to network sections necessary to enable workers to complete their tasks. Every employer has data with varying degrees of value and sensitivity. The most valuable data – the “crown jewels” should not be remotely accessible. If access is imperative, it should be limited to the extent and time necessary to complete the assigned task.

Fifth, make remote work easy.

Sixth, is critical - the IT department should be patching often.

Seventh, the IT department should be monitoring traffic continually. Like vehicular traffic, electronic traffic exhibits typical patterns over time. Occasional deviations from the norm are expected. But IT staffers have the experience to appreciate which deviations may signal a security concern.

Eight, not all damage comes from electronic attacks. Humans are social. Employees like to talk. And jobs tend to be a favorite subject of discussion. Remote employees need to adjust to their new environment. They must remember that loose lips sink ships. Work talk should be limited to private spaces.

Ninth, virtually every employer depends on vendors and contractors. Employers should ensure that vendors are contractually obligated to adhere to the same security standards as full-time employees. This would include everything from not using public WiFi to limiting their access to relevant silos.

Editor's Note: We'd suggest an email be sent to ALL contractors reminding them of this contractual obligation and setting up a post pandemic audit process. This could end up being the #1 attack vector.

Tenth and finally, security is a people business. Most breaches can be attributed to human error. The opportunities for such mistakes rise exponentially when employees are working remotely. The only cures are simple. Employees must be trained, and periodically retrained, in the fundamentals. And they must rely on checklists. securitymagazine.com