How to keep cyber safe this holiday season

Avi Hein at AlgoSec shares some simple steps online retailers can follow to mitigate cybersecurity risks this holiday season

All organizations will experience added pressure during the holiday season, but the biggest impact will be felt by online retailers. Black Friday and Cyber Monday, which take place at the end of November, have seen a steady growth over the last few years. In 2020, Cyber Monday garnered $10.8bn, making it the biggest eCommerce day in US history. Black Friday, on the other hand, saw an online spending increase of about 22% YoY to around $9 billion.

Tackling the surge in website traffic and ensuring servers don’t fail is only half the challenge for eCommerce organizations. The flood of visitors could mask a more sinister problem with far greater repercussions, both financially and reputationally.

It is meant to be the most joyous time of year, but for many the festive period around Thanksgiving and Christmas can be the most challenging when it comes to cybersecurity. Cybercrime is a chronic problem that is evolving as our shopping behaviors change. The pandemic and subsequent increase in online shopping has given rise to various forms of attack methods such as card-not-present (CNP) crime, where a customer pays for goods without physically showing their credit card to the merchant. According to Juniper Research, retailers could lose $130bn globally in CNP fraud by 2023. Other common techniques including phishing, DDoS attacks or SQL injection.

Spreading festive cheer instead of fear

eCommerce retailers need to take online security seriously. They cannot afford to risk their customers’ data or reputation. While it’s almost impossible to keep every hacker out, there are tactics you can employ to avoid a large-scale takeover. Here are five ways you can ward off cyberattacks this holiday season:

• Remove the risk of human error and manual labor but migrating to automated application delivery and security policy management. With FireFlow, you can confidently automate your security policy change process from planning through risk analysis, implementation, and validation, all with zero-touch.

• Install and maintain your SSL certificate to encrypt the data exchanged between servers. This is a simple form of security, identifiable in website URLs as https:// that can generally block hackers from intercepting private information. It also adds customer confidence that you take data protection seriously.

• It’s hard to know where the faults are without doing some investigating. Regular penetration testing will alert you to potential kinks in the chain and give you the opportunity to fix the problem before an attack happens.

• Avoid collecting unnecessary information from your customers to reduce the risk of data leaks. Where possible, avoid storing credit card details, especially on a public server.

• IT vendors will regularly roll out patches to fix identified vulnerabilities. Keep up to date with the latest updates and run the most up to date version of your applications.

If you work in eCommerce and want some advice on how you can make this time of year full of cheer, speak to one of the team or arrange a personal demo here.