With the major holiday season just around the corner, many retail businesses are gearing up for the shopping frenzy to commence. Increasingly, customers are turning to online shopping to avoid queues and to bag a bargain. It is therefore essential that online retailers are prepared to service the high customer demand.
Unfortunately for retailers, cyber criminals will also be looking to cash in on this lucrative period and can cause major issues for businesses. If a retailer's website suffers even one hour of downtime, this can have a significant impact on the reputation and, most importantly, the revenue of the business.
In this article, we highlight a few key steps retailers can take to keep their website safe from cybercrime during the holiday period.
Secure your traffic
Transport Layer Security (TLS) is a protocol that encrypts data in transit. It is highly recommended that TLS is used to secure your web traffic (TLS v1.2 is recommended). TLS v1.0 and its predecessor SSL v3.0 are now obsolete.
All sensitive communications between your customer and your servers should be protected by encryption, significantly reducing the risk of data theft. Many shoppers now look for secure sites when making purchases, and implementing TLS will ensure that they can trust your site to protect their data.
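As an added example (not part of the original article), the Python check below audits a web server configuration for the protocol versions discussed above. It assumes an nginx-style `ssl_protocols` directive; the sample configuration and the name `audit_ssl_protocols` are constructed for illustration.

```python
import re

# Protocol names as written in an nginx ssl_protocols directive (assumed format).
# The article calls SSL v3.0 and TLS v1.0 obsolete; SSLv2 is older than both.
OBSOLETE = {"SSLv2", "SSLv3", "TLSv1"}
RECOMMENDED = "TLSv1.2"
DIRECTIVE = re.compile(r"^\s*ssl_protocols\s+([^;]+);", re.MULTILINE)

# Constructed sample configuration, not taken from any real site.
SAMPLE_CONFIG = """\
server {
    listen 443 ssl;
    server_name shop.example;
    # ssl_protocols SSLv3;   (commented out, must be ignored)
    ssl_protocols SSLv3 TLSv1 TLSv1.2;
}
server {
    listen 8443 ssl;
    ssl_protocols TLSv1.2;
}
server {
    listen 9443 ssl;
    ssl_protocols TLSv1;
}
"""


def audit_ssl_protocols(config_text):
    """Return a list of (line_number, message) findings for a config file."""
    # Blank out comments but keep newlines so line numbers stay correct.
    text = re.sub(r"#[^\n]*", "", config_text)
    findings = []
    matches = list(DIRECTIVE.finditer(text))
    if not matches:
        return [(0, "no ssl_protocols directive: server default applies, set it explicitly")]
    for m in matches:
        line = text.count("\n", 0, m.start(1)) + 1
        enabled = m.group(1).split()
        for proto in enabled:
            if proto in OBSOLETE:
                findings.append((line, f"obsolete protocol enabled: {proto}"))
        if RECOMMENDED not in enabled:
            findings.append((line, f"{RECOMMENDED} is not enabled"))
    return findings


if __name__ == "__main__":
    for line_no, message in audit_ssl_protocols(SAMPLE_CONFIG):
        print(f"line {line_no}: {message}")
```

A check like this fits into a deployment pipeline or a pre-holiday configuration review, so an obsolete protocol does not get re-enabled unnoticed.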
Patches and updates
Make sure your web servers and supporting infrastructure are running the latest updates and patches. This ensures that your systems are not vulnerable to known attacks that could result in significant downtime. If you use a third party to manage any part of your website, make sure they have a good vulnerability management program in place.
Contact your ISP and discuss your options for protecting against Distributed Denial of Service (DDoS) attacks. These attacks flood websites with traffic until they are no longer able to receive genuine requests, effectively bringing the website down.
There are tools available to help you monitor your web traffic and identify any spikes in demand. There are also third-party companies that offer DDoS protection as a paid-for service.
Scan and test
If you want to be certain about the security of your website, vulnerability scans and penetration tests will determine whether your website has any vulnerabilities that could be exploited by cybercriminals. Regularly scan systems as part of your vulnerability management program, so that you are not caught unaware providing insecure services to customers.
Have an incident response plan
To be able to deal with the worst, you will need to plan ahead. In case there is an incident, you need to ensure you have an Incident Response Plan (IRP) in place. This details a process to follow to get your business processes up and running as soon as possible. For online retailers, this plan may include a backup/failover website, so that the website is made available again in minimum time.
Talk to Sysnet about reaching out to your customers with our Merchant Contact Services. We offer a wide range of services, from inbound terminal upgrade support through to outbound merchant contact, promoting a new service on your behalf or even safer business practices. For further information or to request a call back, visit Merchant Contact Services, email firstname.lastname@example.org or contact your Sysnet Business Relationship Manager.