With the holiday shopping season just around the corner, and sales spikes predicted to hit earlier than ever before, the stress level of many retailers and consumers is soaring. According to ChannelAdvisor’s Online Retail Survey, 59% of US and UK retailers kicked off their holiday promotional campaigns in September for what is going to be, according to the National Retail Federation online sale, an intense and profitable holiday season.
Rather than braving the cold weather and crowds the holiday season brings, many consumers opt to shop from the comfort of their own homes. And when people can browse the web in their pajamas for their holiday must-haves, they can start doing so well ahead of the holidays, giving retailers no other choice but to gear up for their sales earlier than they did last year.
But retailers aren't the only ones on the starting block. Online shopping season is also a stressful period for the IT professionals who support online shopping infrastructure. With such a high volume and value of transactions during the holiday season, IT teams have a lot to focus on, and data confidentiality and integrity can sometimes fall through the cracks. This is exactly what cybercriminals are looking for.
So, What Can Retailers Do to Prepare?
The Payment Card Industry Data Security Standard (PCI DSS) is a great way for retailers to establish a strong security baseline. It aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing and storage of credit card data in a rapidly evolving threat landscape. PCI DSS consists of about 200 requirements covering various aspects of network, system and application security, as well as the protection of data in transit and at rest. (For more information, check out this PCI compliance guide, or our eBook, PCI: That's the way it is.)
Retailers should use this window before the holiday season to ensure that their systems are compliant with PCI DSS. At a minimum, the following measures should be considered before and during the holiday season:
- Reinforce the security awareness messages among the staff and the customers
- Update your antivirus
- Scan the IT infrastructure for vulnerabilities, misconfigurations, viruses and malware
- Apply the latest patches and correct any misconfigurations you identify
- Execute a penetration test on the web application and fix the findings
- Validate your firewall rules
- Remove or disable any unnecessary protocols and services
- Review access definitions on all servers
- Assign security duties for monitoring and incident reporting
- Review incident management processes
- Review security logs daily
That said, security does not stop at the end of the holiday season, and we encourage retailers to continuously strengthen their security and compliance status. But hopefully by starting now, we can ensure a secure online shopping environment, and happy holidays for all!
A great next step is to find out if you have anything to worry about. Get a Free Assessment from CloudLock to uncover cybersecurity risk across your entire cloud environment (SaaS, PaaS, IaaS, and IDaaS):
- Expose potentially compromised accounts, cloud malware, or data security violations
- Validate adherence to internal or industry-governed regulations such as PCI, HIPAA, FERPA, and more
- Receive a business analysis, mapping findings to your organizational goals