4 Tips for Retailers to Keep Websites Secure in 2014
The holiday shopping season is over, and if one thing is certain, the increase in traffic wasn't just good for retailers this year. Holiday shopping proved to be a boon for fraudsters and cyber attackers as well. Cloud services provider Akamai reported that attack traffic surged on Black Friday to five times the normal level earlier that month. As retailers reflect on their experiences this past holiday season and begin to plan for a more lucrative and secure 2014, there are a few steps they can take to prepare their e-commerce site for the ever-growing trends of online shopping, device adoption and cyber security risks.
These steps are seemingly simple, but e-commerce decision makers are finding themselves in a bit of a conundrum when it comes to the security of their websites. On the one hand, they need to secure their websites against an array of potentially very sophisticated attacks, but on the other hand, implementing too many rules that are too stringent can alienate legitimate shoppers. So, how do retailers secure their websites and protect their data while ensuring that customer experiences aren't negatively impacted? Here are four tips:
1. Monitor threats and trends. If you don't have a program or system set up to help monitor the threat landscape and latest attack trends, now is the time to get one. This can be a time-consuming task that leaves many experts guessing about what their real threats are. Many security vendors and partners serve as trusted resources on the topic. Be sure to leverage those resources and make informed decisions.
2. Access the latest rules. Once you've identified new threats, you need to find a way to access the latest rules to protect your site from those threats. It seems easy and straightforward enough, but all too often these first two steps are ignored. Retailers, if they aren't working closely with their partners — or if they don't have in-house staff dedicated to security issues — get pulled in other directions and assume their current rules are "good enough." It's just not true. Rules and attacks are changing quickly, and websites need to evolve with these changes to avoid vulnerability.
3. Weigh the risk and reward of your rules. As mentioned above, retailers are finding themselves in a bit of a tough spot when it comes to deciding which rules to implement. By updating too many rules, they can oversecure their sites, leading to false positives and the denial of legitimate traffic (and possible revenue). These users are either wrongfully blocked from the website or, if they're still allowed access, experience a much slower site.
Negative user experiences could lead to negative impacts on revenue and brand affinity. However, if retailers update too few rules, they run the risk of a threat and downed site, yet again leading to lost revenue and weakened brand credibility.
So how do you tackle this double-edged sword? Test, test, test. This will allow you to find a happy medium, ensuring both a quality user experience and secure website.
4. Update your rules. Now the rules are in place, but you can't just ignore them and hope they're working properly. Updating your rules is like flossing. Everyone knows they should be doing it, but it can be an easy step to forget and difficult to find the time to do it. Keep in mind that security isn't an instant fix; it's an ongoing process. Once you've updated your rules, it's back to step one in order to maintain that security and prevent your website from falling victim to an attack.
Depending on the size of your organization, securing a website can be a full-time job. Attackers are working overtime to poke holes in retailers’ security measures, so it's essential that experts are up-to-date on the latest threats and trends, and that they're constantly re-evaluating the rules they've implemented. If you don't have the time to manage these processes yourself (understandably), you must ensure that you're working with a trusted third party that will monitor threats and update rules regularly.
Daniel Shugrue is the director of product marketing at Akamai Technologies, an online content delivery network.