12 weeks until Christmas – is your business secure?

Spring has only just arrived but the countdown to Christmas is well and truly on. As we head into the holiday season, thousands of consumers will be turning to online stores to purchase gifts for their friends and family.

There’s no question consumers are becoming increasingly comfortable with the idea of shopping online – aided by the fact they can buy virtually anything from anywhere in the world without even leaving the house. But as more people turn to online shopping, it’s not just retailers who are taking advantage of the money making opportunities that come at this time of year.

The increase in people conducting transactions online in the lead-up to Christmas means a lot more credit card (and other personal information) is out there and vulnerable to attack. It’s this increase that provides what hackers might refer to as a “target rich environment”; and why the weeks leading up to Christmas are often referred to as the ‘Hacking Holidays’. So, while Christmas is busy for retailers – it’s also a very busy time for criminals.

Getting Ready for the Holiday Hacking Season 

At Aura Information Security, we have seen a rise in extortion and ransom ware traffic over the past year. In fact, according to a report by Proofpoint there has been 600% growth in new ransomware families since December 2015. Unfortunately it’s not just blue chip businesses and banks that are targets. In fact, over the coming months it is likely online retailers will be targeted too. This is purely because of the Christmas factor – fraudsters take advantage of high transaction volumes to hide their activities, specifically stealing customer data!

So, if you are a business that transacts online and has a credit card payment facility on your website, what do you need to do? You need to prepare; and now is the perfect time to do a good spring clean and make sure security is up to scratch.

Why?

• Online consumers are easy prey due to their low awareness. Often they think it’s the role of the organisation they are purchasing goods off to ensure they are secure. For this reason, online retailers need to be vigilant when it comes to security.
  
  
• Businesses most at-risk during the ‘Hacking Season’ are likely to be those that experience a spike in sales and / or website visits in the lead-up to Christmas. This is especially the case if your business processes or stores credit card data.
  
  
• It’s good practice to take a responsible approach to security – don’t wait to be attacked, front foot the issue and take the necessary precaution to ensure your business is secure.
  
  

What do you need to do?

• Have a plan – be familiar with your website, support systems, network, and compliance requirements to determine the organisation’s current security stance. To truly understand and assess this you’ll need a boundary review of your business and website. Perform a GAP analysis involving the comparison of actual performance with potential or desired performance to understand your strengths and weakness.
  
  
• Get ready – once you understand your security stance, like most businesses you’ll need to take some action and make changes such as a specific penetration test of your website to understand how a real hacker might go about compromising your website. It is also advisable to protect your website to block known vulnerabilities – commonly known as a web application firewall.
• Be prepared – assuming you will not get attacked or breached is a false assumption. If an attack or breach does happen, what would you do and how should you react? Most businesses have not even thought about this and have no plan in place. It is essential to put an action plan together with security policies that assist in meeting compliance requirements and recovery plans from an attack. All organisations should be doing this.
  
  

To summarise, for many retailers Christmas is considered a crucial sales period. However, without ensuring security is up to scratch many businesses face risking their customers’ data; and their own reputation. Now’s the time to check with your IT department and third party vendors to make the necessary updates and changes. Do that, and you’ll be prepared. Just remember, hackers have been preparing for the holiday for months … just like your business should be.