10 Cybersecurity Tips and Strategies for Retailers During the Holiday Season & Beyond
With just a few days left before the official kick-off of the 2019 holiday shopping season, it’s easy to get swept up in the magic and excitement that it brings, especially if that means your business is expecting to see an influx of profit from holiday shoppers. Many retailers use Black Friday, Small Business Saturday, and Cyber Monday as drivers for business, offering special promotional deals to shoppers. The Thanksgiving holiday weekend in 2018 pulled in record numbers with $6.22 billion in online Black Friday sales, nearly $18 billion from Small Business Saturday sales, and 7.9 billion on Cyber Monday. Yet the responsibility of keeping shopper data safe and protected is a burden, felt in the days and months leading up to the season, that many don’t look forward to. How can they, when retailers also saw a record number of online retail data breaches in 2018? Unfortunately, cybersecurity isn’t one of those areas where merchants can afford to avoid responsibility.
If you haven’t been practicing a holistic approach to security, now is the time to make your plans and resolutions for 2020.
Here are 10 cybersecurity tips and strategies for retailers during the holiday season and beyond.
- Use two-factor authentication (2FA) for online platform passwords, and make sure passwords are encrypted and hashed.
- Do not allow guest checkouts. A surprising number of online retailers have this feature.
- Only allow secure connections, meaning use HTTPS not just HTTP.
- Don’t store sensitive data. If sensitive data must be stored use very strong encryption.
- Monitor systems constantly and set up alerts based on activity, transaction amount and volume.
- Enforce address and credit card verification. Again, a surprising number of platforms and sites don’t require CVV.
- Do not assume that your hosting provider is updated on the latest patches and has an updated PCI compliance.
- Get external security audits done regularly. There are many agencies that specialize in this.
- Have a very clear disaster recovery plan to restore systems in case of an attack that renders the primary system offline. Ask your solution provider or hosting partner to provide you with a copy of their disaster recovery plan.
- Understand that IT and cybersecurity are two different functions and should be treated as such.
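
To make the monitoring tip above concrete, the following Python example (added here, not from the original post) flags orders by transaction amount and by order volume per card within a sliding time window. The thresholds, the `find_alerts` name, the record layout and the sample data are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them to your store's normal traffic.
MAX_AMOUNT = 1000.00              # single-order amount that triggers an alert
MAX_ORDERS = 3                    # orders allowed per card within WINDOW
WINDOW = timedelta(minutes=10)

def find_alerts(transactions):
    """Return (timestamp, card_id, reason) alerts for amount and volume spikes.

    transactions: iterable of (iso_timestamp, card_id, amount), in time order.
    """
    alerts = []
    recent = defaultdict(deque)   # card_id -> order timestamps inside the window
    for ts_text, card_id, amount in transactions:
        ts = datetime.fromisoformat(ts_text)
        if amount > MAX_AMOUNT:
            alerts.append((ts_text, card_id, "amount"))
        seen = recent[card_id]
        seen.append(ts)
        # Drop orders that have fallen out of the sliding window.
        while ts - seen[0] > WINDOW:
            seen.popleft()
        if len(seen) > MAX_ORDERS:
            alerts.append((ts_text, card_id, "volume"))
    return alerts

# Constructed sample data: payment tokens, never real card numbers.
SAMPLE = [
    ("2019-11-29T09:00:00", "tok_a", 59.99),
    ("2019-11-29T09:01:00", "tok_b", 1499.00),   # exceeds MAX_AMOUNT
    ("2019-11-29T09:02:00", "tok_c", 20.00),
    ("2019-11-29T09:03:00", "tok_c", 25.00),
    ("2019-11-29T09:04:00", "tok_c", 30.00),
    ("2019-11-29T09:05:00", "tok_c", 35.00),     # fourth order in ten minutes
    ("2019-11-29T09:30:00", "tok_c", 40.00),     # window has expired by now
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE):
        print(alert)
```

In production the alerts would go to whoever is on call rather than to standard output, and the records would be keyed on payment tokens so the monitoring system never stores card numbers.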
As Carey D’Souza, CEO of Sonikpass, cautioned in a recent Cisco Blog post, “Don’t ask or expect your IT admin to also take care of cybersecurity. Hire a security analyst to focus purely on that. Hackers are always going to be a threat to retailers. The only way to stay protected or ahead is to constantly update and upgrade your IT infrastructure and cybersecurity policies.”
In today’s digital world, dedicating resources specifically to detect, contain, and control cybersecurity threats should be a priority for all businesses. If you need help identifying gaps in your cybersecurity plan or with vulnerability management, IE can help. Learn more about our security solutions today.