Flooid Thinks: Security with Dominic Mayes

Retailers operate in a world of risk and uncertainty, where threats are ever-present. From increasingly sophisticated cyber-attacks using AI-generated scripts to phishing attempts, targeted data breaches and fraudulent impersonations, bad faith actors are constantly coming up with new ways to profit from retailers’ digital vulnerabilities.

In this ever-changing landscape, a weakness in your cybersecurity defences can mean the difference between continued customer loyalty and a potential shutdown in operations, causing a massive loss of income as well as immense reputational damage.

It’s for this reason that Flooid takes security incredibly seriously. Our team of cybersecurity and information security experts work around the clock to ensure that systems and data are consistently monitored, and vulnerabilities are tested to make sure that any potential issues are flagged before they can be exploited.

And if the worst does happen and a retailer’s central network is targeted, Flooid’s composable infrastructure means so customers can still buy, and retailers don’t see a loss of income.

“Security isn’t an afterthought or add-on for Flooid,” said Dominic Mayes, Glory’s Information Security Officer. “It is baked in and integral to everything we do.”

“From the first time we meet with a prospective client to our ongoing relationships, we keep on top of the latest developments in cybersecurity and continue to monitor a business’ needs as it grows and scales,” he said.

“No matter the challenge, Flooid keeps retail operations running smoothly.”

We spoke to Dominic about the ways Flooid is continuing to deliver value and help keep retailers and their customers safe.

What are the cybersecurity issues facing retailers today?

Retailers today face an unprecedented volume and sophisticated variety of cyber threats. These threats range from opportunistic hackers to highly organized criminal groups and even state-sponsored attackers. One recent notable example is Scattered Spider, a threat group that is believed to have targeted major retailers such as The North Face and Co-op, using social engineering to impersonate IT staff and bypass multi-factor authentication.

The threat landscape has also shifted due to the increased use of AI. Attackers are now automating malicious scripts and creating highly convincing phishing campaigns, making it much harder for traditional defenses to keep up.

How does Flooid address these possible threats?

Flooid has adopted a defense in depth, proactive approach to security. This includes strong access controls, regular vulnerability scanning and penetration testing, and an integrated secure software development lifecycle. Every piece of code is subject to peer review, automated scanning and threat modelling before release, ensuring that vulnerabilities are identified and addressed early. When we work with retailers, we make sure that their estate is assessed, constantly monitored and that data is always secure.

We are also held to an incredibly high standard of security certification since we are ISO 27001 certified, meaning we are both regularly internally and externally audited, and we recently received a Mature security posture rating from independent assessors at CyberVadis, reflecting the depth and structure of Flooid’s security program.

What challenges might retailers face when it comes to security?

It’s important that retailers adopt a strong cybersecurity posture. This means ensuring their security strategies are linked and working in tandem to ensure that all security domains are covered, from in-store anti-fraud measures to vulnerability management, employee training and consistent monitoring. If one of these areas is considered an afterthought, the entire estate could be at risk.

Additionally, the financial and reputational impact of a breach can be significant. Aside from ransom demands, affected businesses may suffer long-term damage from operational downtime, brand erosion and regulatory penalties, meaning that pro-active prevention is essential.

How is Flooid currently innovating in retail security?

Downtime in retail environments can be catastrophic, especially at the point of sale. Flooid’s systems are designed with a core resilience, meaning if central networks go down POS devices can continue to function independently, enabling stores to remain operational.

Flooid also has robust disaster recovery and business continuity planning in place. Each client environment is deployed across several distinct cloud or server regions, ensuring that in the unlikely event one data center fails, operations can seamlessly continue from the others, making full disruption unlikely.

Data protection is equally central to Flooid’s information security framework. We carefully analyze the data we handle to minimise personal data exposure and comply with GDPR and DPIA regulations. Personal data is encrypted both at rest and in transit, and access is restricted to only those who need it.

Finally, a dedicated Security Information and Event Management system aggregates logs from across the infrastructure and feeds them into a 24/7 Security Operations Center managed by NCC. This team constantly monitors for unusual activity and escalates potential threats for review.

How would you sum up the value that your team brings to Flooid and its customers?

Security is no longer just a technical concern; it’s a business differentiator. At Flooid, we’ve built security into every aspect of our systems, not bolted it on. With decades of experience and insights from working with major global retailers, we continuously evolve our methods, review our processes and stay ahead of threats.

Retailers need partners that don’t just meet standards but exceed them. With our deliberate, robust security posture we can deliver a trusted and competitive edge.