The holiday season is an important time for many businesses, in particular online retailers. There’s great opportunity for increased sales, increased traffic to your website and overall chaos of the season. The holidays are peak season for increased data and security risks as well as for hackers to target online retailers. Increased traffic levels help disguise hackers from detection and retailers are preoccupied with preparing Black Friday sales or putting final touches on holiday email campaigns. To help make sure you deliver a safe and secure online shopping experience this holiday season, it’s more important than ever to maintain your data and web security. Below are a few security measures in order for you to ‘Tis the season to watch security for your organization.
MAKE SURE YOU ARE PCI DSS COMPLIANT.
PCI DSS (Payment Card Industry Data Security Standards) are requirements for organizations that process, store and/or transmit credit card information to do so safely and securely. Make sure you are PCI compliant, and add a visible badge to your website and/or application in order to reassure your customers and signal that payment information is properly encrypted and stored safely.
HAS YOUR SITE ENABLED HTTPS / SECURE BROWSING?
Have you ever noticed the small “Secure” tab in a browser’s URL bar? This is what the industry calls a digital certificate, generally provided by a 3rd-party Certificate Authority to verify that the site encrypts all HTTP traffic. In efforts to keep the contents transmitted by the site, whether it be a request, or response, secure for visitors. Digital certificates are another easy sign to your customers that they are on secure site that can be trusted.
ARE YOU PREPARED FOR A POTENTIAL DDOS MITIGATION?
A Distributed Denial of Service (DDos) attack presents a real threat for online sites and applications. DDoS events are designed to flood a website with traffic and repeat requests. DDos events are always a possibility and can happen anytime, often times they are preceded by an message from the hacker with a demand. Unless requests are diverted or blocked, DDoS will slow down or completely crash a web application or site, making it impossible for users to access it. Retailers need to be prepared at all times and invest in a monitoring and DDoS mitigation solution. Even one hour of downtime during this season may cost retailers significantly.
IT’S IMPORTANT TO BE EDUCATED.
Some of the largest security breaches to organizations have originated from relatively simple methods, see some examples below and ways to combat against them.
- Phishing: Seasonal phishing scams turn up every year. Employees are shoppers too, and they may get email on company computers offering (literally) unbelievable bargains. If they open an attachment or follow a link from the message, they might let malware onto the computer. The consequence could be a data breach or damage to files. It’s a good time to remind employees of the risks in email spam and tell them to be wary of offers that are too good to be true. Having a good spam filter will keep the risk down and reduce the time employees have to spend sorting their mail out.
- Gift cards: Gift cards, especially ones you can buy and use online, are very popular this time of year. Fraudulent gift cards are very popular with crooks. They use stolen credit card information to buy cards. Using online accounts, it’s easy to convert them to money. Businesses that try to create their own gift cards don’t always have the expertise to make them really secure.
- Insider Threats: The holiday season means hiring temporary employees and entering short-term business arrangements. Both of these can open up security risks. Temporary employees who lack the experience and commitment of regular employees can be careless about security. They might use weak, easily guessed passwords and write them down where others can see them. A few may have taken the job for the chance to commit larceny. Temporary contractors sometimes need access to your business’s network. If you don’t take appropriate security measures, vulnerabilities in their computer systems can let criminals get into yours. This is what happened to Target in 2013. Giving a contractor unrestricted access to its network let intruders get in through the contractor’s site and grab credit card information.
- Stress: The holiday system is stressful for many. They’re dealing with heavier workloads, commuting in traffic jams, and making their own holiday plans. Sometimes they’ll be tired and careless. Mistakes lead to security breaches. Pressure to meet sales goals can lead retail staff to resolve issues without sufficient verification.
- Too much change, or not enough: Businesses may put new technology into place just in time to handle the holiday rush. Employees will be less familiar with it, and it may inherently not be very secure. That’s a source of new risks just when there’s too much else to deal with. On the other hand, a company may order a freeze on all changes to a site, in order to minimize downtime. This avoids some risks, but if it means not installing the latest patches, it can leave security holes open.
The holidays are a crucial time of year for many organizations and the cyber threats are real and can significantly affect profit margins for your company. Lockr’s key management can make your business website more secure, by providing a consistent and safe way to store access and communication keys. Even if data breaches do occur, Lockr’s secure, offsite key storage will keep them from cascading into breaches of other services. Lockr works with all API and encryption keys, so criminals can’t get themselves holiday gifts at your expense.