November 18th, 2020 by admin
While the world is excited to focus on the cheer and goodwill that accompanies the holiday season, cybersecurity criminals will use the good mood to wreak havoc. And the fact is, this year, more than ever before, Santa must go digital, so online shopping is going to spike. In a survey of 2,000 U.S. consumers, 70% of respondents reported plans to continue shopping online for some or most of their shopping due to COVID-19. So, make data security a part of your employee interactions and discuss your company policies and best practices during your pre-holiday planning meetings.
For retailers to stay on a consumers’ “nice” list, they will need to make sure their security and operations are up to par. Given the quick shift to online-only shopping for many retailers, it’s not a huge surprise that consumers are nervous about their online security. Over half (60%) of respondents reported feeling more worried about their data security going into this holiday season—and this can be a make it or break it moment, as 70% reported that they would stop shopping for a few months or indefinitely if a store suffered a data breach. Meanwhile, of the 14% of respondents who said they’re planning to shop with different retailers this holiday season, many reported perceived security or privacy issues (20%) as the cause.
Despite the rise in businesses using chatbots to handle customer service requests, consumers are still using traditional channels to make their voices heard. Most respondents reported using email (about 36%) and phone (33%) for customer service needs. With customers’ sharing potentially confidential information via these channels, it’s imperative that businesses have the tools they need to receive this information in a secure way through these mediums.
Data Security Tips that Work
Safeguard your credentials: “Password123” isn’t going to cut it. Use at least eight characters with a mix of upper and lowercase letters and special characters. Avoid using the same credentials for different sites and services. Use a password manager to track and store your passwords.
Use dual-factor authentication: A hacker can crack a password, but dual-factor authentication means they’ll need a code that’s texted to your phone to sign into your accounts. That simple extra step makes hacking your account almost impossible.
Update Your Software and Systems: Many successful exploits are against unpatched systems or computers. After a vulnerability is known and a corresponding patch is released, it’s critical that you update your plans. Typically, a crucial patch should be updated on your systems within 30 days, but we recommend it as soon as possible. Hackers will quickly craft exploits to match the vulnerability, because they know that most businesses won’t install patches promptly—and for those that do, the patch may not reach all computers and devices. It’s good practice to have a member of your IT team assigned to stay on top of updates.
Review Security Procedures with Staff: Phishing campaigns spike during the holidays because the transaction volumes create an environment of increased susceptibility to being deceived into opening an email and clicking on a link. Employees will likely receive emails (and increasingly, SMS texts) with fake coupons, malicious attachments, even spoofed shipping notifications, and party invites. These schemes aim to collect sensitive personal or corporate information or serve malicious malware. Make sure to review email and website security policies, guidelines, and procedures with employees, in addition to your regular security training.
Protect Any Stored Credit Card Data: Storing unencrypted cardholder data on a server poses a risk for the company. Once a hacker gets access to a system, stored unencrypted payment data makes it it’s easier for them to export and sell your customers’ credit card numbers and sensitive information. If you must store cardholder data, it is best practice to encrypt it while it is stored or transmitted. You should use a trusted card data discovery tool to find out if you are inadvertently storing plain text cardholder data anywhere on your systems or devices. If your company takes orders over the phone or mail, you should be sure that if cardholder data is written down, it is properly destroyed in a timely manner.
Test Your Website and Network for Vulnerabilities: Companies don’t want to be inconvenienced in the middle of the busy holiday season with an emergency maintenance window to fix misconfigured firewalls, remove malware hazards, or remote access vulnerabilities. A company should be proactive rather than waiting for a data breach to clue them in. Regular vulnerability scanning is an essential procedure that checks for vulnerabilities and security holes that could enable backdoors, buffer overflows, denial of service, and other types of malicious attacks which ultimately could cause downtime and prevent potential orders from taking place.
Avoid Problems by Preparing Now: Transaction volumes during the holidays add complexity to the task of protecting corporate, customer, and personal data. Even so, industry-wide education and implementation of best practice security measures will go a long way toward minimizing the effectiveness of attacks and preventing data breaches. Sound security principles and proactive best practice implementation, policy and procedures will serve as the foundation for your business’s cybersecurity this holiday season. Avoid snags, upsets, delays—or a devastating breach—by getting into good security habits now.
Get holiday-ready with a full cyber security evaluation. Request yours now.
Posted in: Security