Holiday shopping is in full effect, and consumers, as well as retailers, are taking advantage of the benefits of the internet. US online shopping has steadily increased over the years. On Cyber Monday in 2013, e-commerce sales came to $1.74 billion, a rise from $1.47 billion the previous year. In 2014, online consumer spending on Cyber Monday surpassed $2 billion for the first time. This year the total is expected to jump even higher. While connectivity is opening doors for buyers and businesses and all this growth has it perks, it comes with consequences—the cyber hacking kind.
Hot off the heels of October, which was National Cyber Security Awareness Month, the conversation around holiday shopping cybersecurity, and security overall, is one that experts say needs to be at the forefront of every company’s strategy.
What are measures retailers can take to heighten their online security?
Alan W. Silberberg, CEO of Digijaks and advisor on cybersecurity for the US Small Business Administration, says retailers need to use two factor authentications for any of their online sales, marketing or e-commerce platforms, and that passwords cannot be saved in any kind of clear file. They need to be encrypted and hashed.
Silberberg adds that companies must pay special attention to security alerts from web monitoring, cyber security, and even anti-virus and malware detection programs. And if they don’t?
“Ignore at your peril,” warns Silberberg, pointing to high profile point of sale attacks including one during the 2013 holiday season where thousands of security alerts were ignored or not answered.
With shopping becoming increasingly digitized, how can retailers keep up? Is there a way to outrun hackers?
Carey D’Souza, CEO of Sonikpass, a Cybersecurity and Identity management company, recommends that company’s choose a platform that has strong security features like a clear separation between internal administration and external customer facing areas.
Here are some tips he offers in addition to stronger password enforcement.
- Do not allow guest checkouts. A surprising number of online retailers have this feature.
- Only allow secure connections, meaning use HTTPS not just HTTP.
- Don’t store sensitive data. If sensitive data must be stored use very strong encryption.
- Monitor systems constantly and set up alerts based on activity, transaction amount and volume.
- Enforce address and credit card verification. Again, a surprising number of platforms and sites don’t require CVV.
- Do not assume that your hosting provider is updated on the latest patches and has an updated PCI compliance.
- Get an external security audits done regularly. There are many agencies that specialize on this.
- Have a very clear disaster recovery plan to restore systems in case of an attack that renders the primary system online. Ask you solution provider or hosting partner to provide you with a copy of their disaster recovery plan.
Finally, D’Souza emphasizes the importance of understanding that IT and cybersecurity are two different functions.
“Don’t ask or expect your IT admin to also take care of cybersecurity,”“Don’t ask or expect your IT admin to also take care of cybersecurity,” says D’Souza. “Hire a security analyst to focus purely on that. Hackers are always going to be a threat to retailers. The only way to stay protected or ahead is to constantly update and upgrade your IT infrastructure and cybersecurity policies.”