Client Profile
- Client: Regional retail chain
- Location: Outlets across Maharashtra and Karnataka in India
- Sector: FMCG
The Situation
As part of its business modernisation, the client adopted a cloud-based billing system, enabled UPI and mobile wallet payments, and launched a basic e-commerce portal. However, this digital push came without a formal cybersecurity foundation.
Key risks observed:
- Shared login credentials and no endpoint protection on PoS systems
- Customer phone numbers and invoices stored on unsecured desktops
- E-commerce admin portal accessed without MFA or audit logs
- Lack of vendor oversight for payment gateway integration
- Staff unaware of phishing, fake refund links, or social engineering tactics
- No data backup policy or breach handling mechanism
With growing customer expectations, regulatory scrutiny, and exposure to digital payment frauds, the client needed a basic but effective Information Security Risk Management Framework that suited their scale and budget.
Our Response
MitKat designed and implemented a cost-effective, MSME-specific cyber risk program with a focus on practical controls, awareness, and minimal disruption to daily retail operations.
Key Interventions:
- Risk Mapping: Identified digital touchpoints (billing, CRM, e-comm, payment, WhatsApp orders) and associated threats
- Policy Drafting: Developed Acceptable Use Policy, Data Handling Guidelines, and Incident Response Flow
- Endpoint Security: Installed AV and enabled local system encryption on all cashier and admin terminals
- Cloud Access Control: Implemented MFA and limited backend access to store managers and owners only
- Staff Training: Conducted cyber hygiene workshops for store and warehouse staff
- Data Backups: Set up automated cloud backups for sales and customer data
- Vendor Review: Audited third-party billing and payment providers for security compliance
Outcome
In just few working days, the client experienced a notable improvement in their cybersecurity posture:
- Key critical cyber risks resolved, including customer data leakage points
- All PoS and admin systems secured with AV and basic monitoring
- Staff across 25 stores trained, leading to detection of phishing attempts within days
- Payment systems hardened, reducing refund fraud risk
- Data recovery readiness achieved, with weekly backups and access logs
- Foundational security culture established, without overhauling retail operations
MitKat’s MSME-focused cyber risk approach enabled a fast-growing retail chain to move from informal, vulnerable practices to a secure, digitally-ready posture, mitigating immediate risks while building long-term customer and data trust.