Cybersecurity Checklist for Online Retailers This Holiday Season
E-commerce sales are set to hit new records with shoppers turning to mobile devices and the web to make their purchases. According to Forrester, online spending is expected to jump 11 percent year-over-year. Forrester anticipates that U.S. online holiday sales will exceed $95 billion.
As retailers focus on capturing every sale they can between Thanksgiving and New Year’s, cybercriminals want a piece of this profit. The festive period is poised to see a massive uptick in cyber attacks, with the bad guys already testing their techniques. A recent study detected 45 million attacks specifically aimed at online retailers over the past three months, up 25 percent from the previous quarter.
It’s a given that much of the focus for retailers is on marketing during the fourth quarter. However, in the midst of all the hustle and bustle, here are five IT security measures to check off that will help promote a safe and confident shopping experience for consumers and go a long way toward preserving revenue and reputation for your brand.
1. Posture against distributed denial of service (DDoS) attacks. A DDoS attack can paralyze your business. Make sure your hosting provider has the bandwidth and appliances necessary to mitigate such an attack. Internally, make sure you have processes in place for monitoring and analyzing web traffic, and that your staff is trained to act quickly should an attack occur. Consider having two internet service providers (ISPs) to maximize uptime in case of an attack.
2. Require complex passwords. Hackers can breach your site by using stolen (or guessed) passwords of your customers and employees. Require that your customers’ passwords include a combination of numbers, letters, special characters and different cases. Train your employees on the importance of strong passwords, and don’t let them access your network from their personal devices and home computers where you have no control.
3. Classify and encrypt customer data. Ensure your data is secured properly and classify each type of information with tags like “internal,” “classified,” “public” and “restricted” so you can manage the encryption levels accurately. Encrypt your sensitive data, including payment and customer information, to stop identity thieves and hackers from accessing the credit card and billing information of your customers. Encrypt customer data from the moment the online portal captures it.
4. Protect encryption keys. It’s not enough to simply encrypt your data. Protecting your encryption keys is a necessary component to ensuring your most critical data is safe. Otherwise, it’s like locking your front door, then “hiding” the house keys under a flower pot. Make sure you have a robust key management system in place, with sensitive keys under dual control.
5. Secure your payment systems. Use strong SSL authentication to authenticate your identity and encrypt data while in transit. If you collect credit card data, ensure your systems are all PCI (Payment Card Industry) standards compliant. For example, never store credit card information in the clear. And keep the data you do store to a minimum — just enough for you to process refunds or chargebacks. The risk outweighs the convenience and your customers will understand.
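One way to put the “never store it in the clear, keep only what you need” rule from point 5 into practice is to strip a captured card record down to the refund-relevant fields before it ever reaches a database, and to audit what is about to be written. This is an added example, not the author’s or Dyadic’s code; it assumes the payment processor returns an opaque refund token (so the merchant never needs the full card number again), and the field names and sample record are constructed.

```python
"""Reduce a checkout card record to the minimum a retailer may keep for
refunds and chargebacks, then audit the result before persistence.
Field names and the sample record below are constructed for this example."""
import re

# Constructed sample of what a checkout form captures. 4111... is the
# well-known Visa test number, not a real account.
CAPTURED_AT_CHECKOUT = {
    "pan": "4111 1111 1111 1111",
    "cvv": "123",
    "expiry": "12/27",
    "cardholder": "Jane Doe",
    "processor_token": "tok_constructed_example",  # assumed processor token
}

# Sensitive authentication data: PCI DSS forbids storing it after authorization.
FORBIDDEN_AT_REST = ("cvv", "pin", "track_data")


def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits (the PCI DSS display
    limit) and mask the rest."""
    digits = re.sub(r"\D", "", pan)
    if not 12 <= len(digits) <= 19:
        raise ValueError("not a plausible card number")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def minimize_for_storage(captured: dict) -> dict:
    """Return only what is needed to issue a refund or answer a chargeback.
    CVV and the full PAN are dropped; refunds go through the processor token."""
    return {
        "masked_pan": mask_pan(captured["pan"]),
        "expiry": captured["expiry"],
        "cardholder": captured["cardholder"],
        "processor_token": captured["processor_token"],
    }


def storage_violations(record: dict, captured: dict) -> list[str]:
    """Audit a record about to be persisted: flag forbidden fields and any
    value that still contains the full, unmasked card number."""
    full_pan = re.sub(r"\D", "", captured["pan"])
    problems = [f"forbidden field stored: {k}" for k in FORBIDDEN_AT_REST if k in record]
    for key, value in record.items():
        if full_pan in re.sub(r"\D", "", str(value)):
            problems.append(f"full PAN stored in {key}")
    return problems
```

Running `storage_violations` on the raw checkout record flags both the CVV and the full PAN, while the minimized record passes clean.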
These five tips are designed to get right to the root of the problem: locating and protecting sensitive data. There’s no debating the need to keep the safety of customers’ personal and financial information front and center. During the holiday season especially, online retailers need to step up safeguards, as cybercriminals have shown they don’t discriminate when targeting victims. The risks apply to all.
Avner Mor is the co-founder and CEO of Dyadic Security, a company that protects data with a secure solution for data encryption, key protection and authentication.