Best Online Cybersecurity Practices

Ron Frechette
Cybersecurity Awareness – By Ron Frechette, The Cyber Coach
The holiday season is here, and the shopping spree has already begun. Cybercriminals gear up during the holiday season. A recent study conducted by McAfee analyzed the changing behavior of online shoppers in today’s evolving cyber threat landscape and highlighted some of the most critical risks impacting e-commerce consumers:
- 74% of consumers between the ages of 18 and 25 do not check the authenticity of gift cards
- Only 37% of respondents were aware of cyberattacks and associated risks
Risks of Online Shopping during the Holiday Season
As the volume of online sales increases, so too does the number of cyberattacks against online retailers. In previous years, hackers have placed malicious code on the retailers’ websites to capture sensitive data on consumers—names, addresses, credit card numbers, and more. Also, retailers’ APIs are lucrative targets for attackers, as they hold sensitive payment and transactional data belonging to customers and businesses.
Moreover, the online shopping boom results in retailers experiencing more cyberattacks. Some of the significant cyber-threats retailers must be aware of include:
- Digital skimming attacks: hackers steal customers’ personally identifiable information (PII). Cybercriminals exploit the security vulnerabilities of the third-party JavaScript running on the retailer’s site. Then, malicious code is inserted that skims the credit card information and other sensitive data.
- Credit card fraud: hackers use stolen card details to make purchases on e-commerce sites. Gift card fraud is also widespread during the holiday season, as gift cards have less protection than credit cards.
- Denial of inventory and scalping attacks: hackers repeatedly add an item to the shopping cart to deplete its stock. With items constantly out of stock, customer frustration increases, and business is affected adversely. Moreover, cybercriminals deploy bots in scalping attacks to buy the most popular products and sell them elsewhere at inflated prices.
Best Practices to Secure Online Sales During the Holiday Season
These practices don’t just apply to large online retailers; small businesses and brick-and-mortar stores also need to secure their point-of-sale (POS) systems. These are the cybersecurity best practices to prepare for the holiday season:
- Monitor real-time data from endpoints and other systems interacting with your organization’s network. This adds visibility and prevents malware from being deployed into the system.
- Keep all software and applications up to date via patch management and vulnerability prioritization. Protect website functionalities and safeguard newly added pages or features with bot mitigation solutions and a strict ruleset.
- Prepare for a high volume of traffic and DDoS attacks by testing your infrastructure to ensure protection across all web resources.
- Implement proper cybersecurity practices for users: strong passwords, multi-factor authentication, and reminders to change their passwords.
- Perform regular data backups to increase the availability of business operations in case a cyberattack occurs.
- Put a robust incident response plan in place; it is crucial for recovery procedures.
- Implement continuous cybersecurity awareness training for staff members.
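As an added illustration (not from the original article or from any vendor's product), the Python example below shows one rule a bot-mitigation ruleset could contain for the denial-of-inventory behavior described above: it flags a client that adds the same item to the cart more than a set number of times within a time window without checking out. The log format, the field names (where "client" stands for a session ID, account or IP address), the threshold and the window are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in an assumed log format (not from a real platform).
SAMPLE_LOG = """\
2023-11-24T10:00:00Z client=192.0.2.44 event=cart_add sku=TOY-9
2023-11-24T10:00:01Z client=203.0.113.7 event=cart_add sku=CONSOLE-X
2023-11-24T10:00:30Z client=198.51.100.20 event=cart_add sku=CONSOLE-X
2023-11-24T10:01:00Z client=203.0.113.7 event=cart_add sku=CONSOLE-X
2023-11-24T10:02:00Z client=203.0.113.7 event=cart_add sku=CONSOLE-X
2023-11-24T10:02:10Z client=198.51.100.20 event=checkout sku=CONSOLE-X
-- log rotated --
2023-11-24T10:03:00Z client=203.0.113.7 event=cart_add sku=CONSOLE-X
2023-11-24T10:04:00Z client=203.0.113.7 event=cart_add sku=CONSOLE-X
2023-11-24T10:20:00Z client=192.0.2.44 event=cart_add sku=TOY-9
2023-11-24T10:40:00Z client=192.0.2.44 event=cart_add sku=TOY-9
2023-11-24T11:00:00Z client=192.0.2.44 event=cart_add sku=TOY-9
"""
LINE_RE = re.compile(r"^(\S+) client=(\S+) event=(cart_add|checkout) sku=(\S+)$")

def parse(line):
    """Return (timestamp, client, event, sku), or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, m.group(2), m.group(3), m.group(4)

def find_cart_hoarders(log_text, window=timedelta(minutes=10), max_unpaid_adds=3):
    """Flag (client, sku) pairs with more than max_unpaid_adds cart adds inside
    the window and no checkout in between. Expects lines in time order."""
    pending = defaultdict(deque)  # (client, sku) -> times of adds not yet paid for
    flagged = set()
    for ts, client, event, sku in filter(None, map(parse, log_text.splitlines())):
        adds = pending[(client, sku)]
        if event == "checkout":
            adds.clear()  # a completed purchase resets the count
            continue
        adds.append(ts)
        while ts - adds[0] > window:  # drop adds that fell out of the window
            adds.popleft()
        if len(adds) > max_unpaid_adds:
            flagged.add((client, sku))
    return flagged
```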
Despite the stresses of the holiday season and the evolving threat landscape, strong cybersecurity measures can deter cybercriminals—for large retailers and small businesses alike. Cybersecurity awareness and training is a best practice that works with end-users to help detect suspicious email or phishing attacks. And even if a breach occurs, a robust incident response plan will enable organizations to respond promptly, securing the integrity of sensitive customer and business information and other configuration data from the POS system. So implement these best practices to keep your business running smoothly during the holiday shopping season and beyond.











