4 Tips for Retailers to Keep Websites Secure in 2014
The holiday shopping season is over, and if one thing is certain, the increase in traffic wasn't just good for retailers this year. Holiday shopping proved to be a boon for fraudsters and cyber attackers as well. Cloud services provider Akamai reported that attack traffic surged on Black Friday to five times the normal level earlier that month. As retailers reflect on their experiences this past holiday season and begin to plan for a more lucrative and secure 2014, there are a few steps they can take to prepare their e-commerce site for the ever-growing trends of online shopping, device adoption and cyber security risks.
These steps are seemingly simple, but e-commerce decision makers are finding themselves in a bit of a conundrum when it comes to the security of their websites. On the one hand, they need to secure their websites against an array of potentially very sophisticated attacks, but on the other hand, implementing too many rules that are too stringent can alienate legitimate shoppers. So, how do retailers secure their websites and protect their data while ensuring that customer experiences aren't negatively impacted? Here are four tips:
1. Monitor threats and trends. If you don't have a program or system set up to help monitor the threat landscape and latest attack trends, now is the time to get one. This can be a time-consuming task that leaves many experts guessing about what their real threats are. Many security vendors and partners serve as trusted resources on the topic. Be sure to leverage those resources and make informed decisions.
2. Access the latest rules. Once you've identified new threats, you need to find a way to access the latest rules to protect your site from those threats. It seems easy and straightforward enough, but all too often these first two steps are ignored. Retailers, if they aren't working closely with their partners — or if they don't have in-house staff dedicated to security issues — get pulled in other directions and assume their current rules are "good enough." It's just not true. Rules and attacks are changing quickly, and websites need to evolve with these changes to avoid vulnerability.