Black Friday and Cyber Monday are huge dates in any online shop’s calendar. Whatever your size, and whatever you sell, this annual event is an important opportunity for you to make your customers (and your shareholders) very happy.
Unfortunately, this event offers hackers and scammers an almost irresistible opportunity too. With so many millions of people entering their personal details online – often in a hurry in order to grab the best deals – there are rich pickings for those who know how to take advantage of the situation. For your information, botnets and denial-of-service attacks are the most popular methods that miscreants use to bring down e-commerce websites.
What’s more, although the holidays bring a welcome surge in online sales for businesses, those merchants who lack the skills or foresight to protect themselves and their websites also face substantial losses. According to a recent study, a single hour of downtime on Cyber Monday for a website that sells directly to customers could cost them, on average, nearly $500,000.
But of course, those lost sales aren’t the only impact of an offline website. The report also found that disappointed customers who were unable to buy the products or services they wanted, and who therefore decided to shop elsewhere and not return, could cause brand damage of up to $3.4 million. And just imagine the negative consequences if a customer blames your business for any security breach that impacts them.
All this adds up to a clear fact: it’s worth putting some time and expertise into protecting your website during Black Friday and Cyber Monday. However, although many merchants are well aware of the increased threat during the holidays, this doesn’t always mean they’ll take action. According to the same study referenced above, 64 percent of organisations are aware of the significant increases in attack activity during high traffic days – with a particular focus on Cyber Monday. But surprisingly, only a third of those surveyed said that they would take special precautions to make sure their customer-facing websites remained available and secure.
Here’s how you can buck the trend and be one of the smart ones.
1 – Make sure all your system software is up to date.
There’s a bunch of stuff to check, but here is the most important… If you’re using a LAMP server, upgrade your Linux kernel. Make sure Apache and PHP are up to date. Check you have installed an updated mod_security rule set. And so on.
2 – Remove any old software
This is such a common mistake, and so easy to do. If you’re the kind of person who loves to experiment with your site and are always looking for ways to improve it, chances are you have some old software kicking around in there somewhere. Did you test out a forum and then forget about it? Or experiment with a different shopping cart once upon a time? These files could be full of holes that more recent software has patched up – so make sure there aren’t any skeletons rattling around back there.
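One way to carry out this step, as an added example that is not part of the original article: a shell function that lists top-level directories under a web root that contain PHP files but have had no file modified in a given number of days. The function names, the 365-day threshold and the sample directory tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# stale_app_dirs ROOT DAYS  (hypothetical helper, not from the article)
# Print each top-level directory under ROOT that contains PHP code but has
# had no file modified within the last DAYS days: a candidate for a
# forgotten forum, cart or test install that should be reviewed and removed.
stale_app_dirs() {
    root=$1
    days=$2
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        # Skip directories with no PHP at all (static assets, uploads).
        [ -n "$(find "$dir" -type f -name '*.php' | head -n 1)" ] || continue
        # Any recently modified file suggests the app is still maintained.
        recent=$(find "$dir" -type f -mtime "-$days" | head -n 1)
        [ -z "$recent" ] && basename "$dir"
    done
    return 0
}

# Build a constructed sample web root in a temp directory:
#   shop/       live cart, modified just now
#   old-forum/  abandoned forum trial, backdated to 2015
#   images/     old static assets, no PHP
make_sample_root() {
    d=$(mktemp -d)
    mkdir "$d/shop" "$d/old-forum" "$d/images"
    echo '<?php // live cart' > "$d/shop/index.php"
    echo '<?php // abandoned forum trial' > "$d/old-forum/index.php"
    echo 'logo' > "$d/images/logo.png"
    # Backdate the forgotten install and the static assets.
    touch -t 201501010000 "$d/old-forum/index.php" "$d/images/logo.png"
    echo "$d"
}

# Demo run against the constructed tree.
sample=$(make_sample_root)
stale_app_dirs "$sample" 365
rm -rf "$sample"
```

On a real server, pass your own document root as the first argument and review each listed directory by hand before deleting anything.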
3 – Upgrade any front end software
Again, a simple and obvious fix, but so easy to overlook if your focus is elsewhere – say on fulfilling that truckload of orders that just came through. Whatever you’re using – from shopping cart software to a blogging platform – make sure it’s been upgraded to the latest version.
4 – Consider using a PCI compliant checkout system
The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards that helps any business that uses credit card information maintain a secure environment. Your business has to be PCI compliant to be legal.
PCI compliance isn’t always that easy, so if you want your customers to be able to pay for products or services via your website, it could be a really good idea to outsource your checkout process to one of the big guns – like Google Checkout or PayPal. Not only will they give your customers reassurance, you can bet your bottom dollar they’ll be well secured against online attacks.
5 – Scan your web applications
Finally, remember to scan your web applications – there are loads of free and paid tools that will help you spot and report any potential security weaknesses.
If this list has left you reeling and you’re not sure where to start, we recommend getting in touch with your hosting provider – they’ll be able to point you in the right direction!
One last thing: it’s really worth working with your customers to help them protect themselves and their bank accounts from any cyber attacks. For example, you could remind them that you’ll never ask for personal or billing information via email, and that you don’t send attachments.
Image is from: http://days.to/black-friday-in-us/2015