The holiday rush is upon us, and consumers continue with their shopping sprees well into the new year. However, hackers will also have a field day trying to profit from all this holiday traffic.
The best approach to a security threat is to be proactive, to reduce the likelihood of being attacked, and to reduce the impact, should there be any.
The second half of the year saw more than 500 million data records compromised by security threats. One of the more recent security hacks happened just this October with a DDoS attack on internet management company, Dyn.
It’s even more worrisome when the compromised targets involve financial systems and personal records.
The truth is this: Data breaches, DDoS attacks, malware, and other security breaches are always going to be there to challenge any system. The best action is to take a proactive stance toward securing your systems. When there is due diligence towards security, it discourages or slows down hackers from targeting your organization.
Ready for the holiday rush?
This year, NRF Research projected holiday sales to increase by 3.6 percent to $655.8 billion. In the same research, online sales are forecast to grow by 6 to 7 percent from last year’s number to $117 billion. If you want a piece of that pie, it’s not only time to ramp up your marketing efforts. It’s also important to get aggressive in protecting your systems, your brand, and most important, your customers’ trust.
Here’s a checklist on what you should do to ensure all systems are “go” during the holiday rush:
1. Create an inventory of your assets. Having a list of what you need to protect makes it easier to create policies and implement them. These include customer data, applications, and systems that help run your business.
2. Calculate risks, then prioritize. Which assets take high priority? All assets need to be secured, but with the amount of data, prioritizing is a sound business continuity step.
3. List threats, then anticipate. Once you have an inventory of your assets, you know which threats to anticipate. We don’t want to sound negative, but knowing what can affect your business makes it easier to design a defensive system. Putting such measures in place is also the best offensive strategy in warding off attackers.
Include these threats in your list:
- Extortion Hacking – The Sony PlayStation incident is a painful example of an extortion hack. Hackers steal information from your system and threaten to release it to the public.
- IoT Botnet – Just as things were getting interesting with IoT, this was the year it showed its vulnerability. The DDoS attack on Dyn is an example of an IoT botnet attack.
- Backdoor Hacking – Backdoor hacking is a sophisticated attack, where hackers install firmware at the security level to decrypt VPN traffic. A Virtual Private Network is, as the name implies, private, and therefore should not be accessible to anyone outside that VPN. Once this is compromised, nothing good comes out of it.
- Hacking to change information – So far, data thefts are the most serious of cybercrimes. But even so, who’s to stop hackers from manipulating data, such as changing information, instead of stealing it?
Another threat that companies should be cautious of is the threat posed by their own employees. Whether done with malicious intent or simply a result of carelessness, employees are one of the biggest risks that any company will face and one that is more difficult to combat. In fact, according to the 2016 Cyber Security Intelligence Index, 60 percent of all attacks were carried out by insiders.
Moreover, social media is now the research channel for Marketing, but it looks like Marketing isn’t the only one watching. Employees, just like consumers, interact on social platforms and also use websites to get information.
Here are some additional steps you need to undertake:
4. Secure your point-of-sale apps. Point-of-sale applications, whether for e-commerce checkout or physical in-store payment systems, usually collect customer data, such as name, contact information, delivery address, and even credit card details. This means your POS systems should be doubly secure, in order to protect against data theft or leakages. Invest in a system that will keep unauthorized employees from prying into customer data, for example, and make sure your payment processor utilizes strong encryption, to prevent any spoofing or man-in-the-middle attacks.
5. Ensure adequate training. In light of this, include security training as part of your policy. If you have retail staff, it’s important to keep things fresh on their minds at the most critical or busiest time in the business.
6. Get DDoS protection now, not when you’re under attack. When an unsophisticated DDoS attack takes down most of the East Coast’s internet, you know you should be taking this threat a bit more seriously. And even if it’s not DDoS, you probably expect a deluge of traffic during the holiday rush, so you will need to strengthen your e-commerce infrastructure against downtime.
7. Establish a better partnership with your service providers. Your internet and domain provider are business partners, so start looking at them as such. As a partner, they become an enabler of your company objectives. Set an opportunity to discuss what your hosting provider is doing to ensure your data is secure.
8. Update your business continuity and disaster recovery plans. We cannot stress enough the importance of ensuring BCDR. Cybersecurity IS a part of this strategy. A BCDR plan is a proactive strategy to anticipate any downtimes so that you can continue servicing your customers’ needs and ensure your company is at its optimal performance.
The holiday season is the busiest time for most businesses, aside from year-end activities, which means it is in these times that we must be more vigilant in protecting consumers’ data and ensuring their experience with our brand online is always exceptional. If you have not spent the time and effort in ensuring the security of your brand and infrastructure, now is the time to do so.