During the insane holiday shopping season, more customers flock to your website than at any other time of year. With the spike in traffic comes an increased risk of data breaches as hackers seek to take advantage of the crazy rush and sneak in through security vulnerabilities in your network. Stop them in their tracks with these ten strategies for better holiday shopping security.
Assess Your Risks
Before the holiday craziness hits, perform an audit of your current security measures. You should already be doing this as a regular practice, but it never hurts to do an extra audit when you know your network is about to be at a greater risk for compromise. Look at statistics from past holiday shopping seasons, and use them to make predictions about customers’ shopping behaviors this year. How many dormant customers are likely to come out of hiding and buy so much their credit cards start smoking? How many new shoppers can you expect to have, and how many mobile devices will access your network? Mobile shopping is of particular concern due to the risk of customers accessing your site on public Wi-Fi. According to Braintree, only seven percent of businesses have a mobile-specific strategy for fraud prevention, but the greater the number of devices, the higher the risk of a breach, especially when connections aren’t secure.
Update Your Software
Outdated software is like a badly-wrapped present: It doesn’t take much effort to gain access to what’s inside. If you haven’t run updates since last holiday season, your network is almost guaranteed to be an open door for hackers looking steal your holiday shopping data. Run updates on all the software used on your network, whether or not it’s specifically related to security. Make sure the same is done on all devices employees use to access the network. While you’re at it, check the settings on firewalls and anti-virus and anti-malware programs to ensure everything is enabled. Get in touch with providers of third-party software, and ask if they’re planning to run holiday updates, as well.
Review Current Vendors
Vendors providing software and services to your company need to be taking the same security measures you are. Making regular updates, deploying security patches, and staying in compliance are all essential for the security of customer and corporate data on your network. Is the supplier of your payment gateway compliant with PCI standards? Is every vendor meeting GDPR requirements? Can you be sure customers using your mobile payment app are safe when they shop? Don’t let anything questionable slide. If something seems fishy when you check with your vendors, do some digging. It’s better to find out about vulnerabilities before the holiday rush really hits so that you can find another provider and be ready for the coming influx of shoppers.
You wouldn’t just give your loved ones gifts without wrapping them, would you? Not encrypting the data flowing into and out of your network is tantamount to doing just that. The difference in the consequences, however, is monumental.
Unwrapped presents ruin the surprise and may lead to disappointment, but unencrypted data lays private information out for hackers to take whenever they want. The holiday rush makes it harder to detect when a malicious third party has gained access to your network, and hackers can make off with an astonishing amount of customer information before a breach is discovered. As you’re wrapping up presents at home and waiting to play Santa for the kids, give your customers a gift, too, by implementing encryption or expanding your current encryption strategy to ensure it covers both onsite and cloud data. With proper encryption, any data hackers manage to grab will be worthless to them unless they’re willing to spend a lot of time trying to decrypt the information.
Minimize the Data You Collect
Asking for only the minimum amount of customer information necessary for transactions has two benefits:
- It increases the chances of one-time customers making holiday purchases because they don’t have to give you their life’s history at checkout.
- It boosts consumer purchasing confidence by reassuring them you aren’t collecting and storing too many personal details.
Implement Smarter Fraud Detection
More shopping means more activity on your network and more communication zooming back and forth between employees, customers, vendors, and suppliers. Hackers can slip phishing and spear phishing messages into the fray with ease, and it’s just as easy for the telltale signs of these messages to be overlooked in the midst of the craziness. New security solutions incorporating machine learning are evolving to recognize fraudulent activity, including phishing scams and activity resulting from clicks on malicious links. Since someone is probably going to get suckered by a fishy email during this year’s holiday shopping season, do yourself a favor and look into the security options you can implement to automate detection and prevent unauthorized access.
Set Device Policies for Employee Travel
Employees traveling during the holidays don’t always leave their work at home. In fact, more and more of them are staying connected to their companies even when they’re supposed to be on vacation. Safeguard your network from their workaholic habits with these smart rules for network access:
- Absolutely no use of public Wi-Fi when dealing with private data
- Use a VPN for remote network connections
- Establish remote lock and wipe tools for all devices
- Secure devices with two- or multi-factor identification
Also make sure employees know never to leave their devices unattended. Secure lock screens can be bypassed by enterprising hackers, and nobody wants to spend the holiday trying to hunt down a lost phone, tablet, or laptop while panicking about a potential data breach.
Be Aware of Employee Shopping Habits
No matter what kinds of policies you put in place, no matter how well you monitor your network, and no matter how many times you tell them to knock it off, employees are going to do their holiday shopping using the company’s network. Whether it’s hurriedly snagging Cyber Week deals over lunch or tapping their way through a last-minute order on their tablets in the break room, every action your employees take could put your network at risk. The only way to make sure they don’t let hackers come barging in is to engage in continual education regarding proper security practices. Employees need to know how to spot fake emails and avoid scam or spam websites. Even social media can be a target for hackers, so employees have to be discerning about what links they click on to ensure advertised deals are from trustworthy sources.
Build Continual Trust
Did you know 64 percent of shoppers want to make purchases only from reputable, known brands? If you operate in an obscure niche or you’re hoping holiday sales will give your startup a boost, this could mean you’re out of luck. Before you write off the holidays consider the power of customer relationships built on trust. Sixty-two percent of shoppers are concerned about the security of their personal information online, but if you can put this unease to rest, you can score more sales. How? Include trust seals to confirm your site is protected and secure. If you’re accredited by the BBB, post badges from those sites, as well. Take advantage of increased holiday visibility to nurture relationships on social media, and continue to keep in touch with new customers through your email list during the rest of the year.
Practice All Year
Once the holiday shopping season is neatly wrapped up, it’s natural to want to sit back and breathe a huge sigh of relief, preferably for several months. However, the new year isn’t the time to slack on sales tactics or security. You worked hard to protect your network and prevent your customers’ data from falling into the hands of enterprising holiday hackers. The best thing you can do is keep the momentum going. Don’t let down your guard. Continue to perform regular updates and run threat assessments. Implement routine cyber security drills to test the strength of your defenses, and keep employees in the loop regarding the latest threats. Be on the lookout for new and better security software and technology so that you can invest in the most sophisticated forms of data protection your business can afford. When you practice diligence in security around the holidays, it really can be the most wonderful time of the year. Give yourself the gift of a secure network, and send hackers away with virtual coal in their stockings.