<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">

Nine Holiday Security Tips for E-Commerce Retailers

Greg Mooney| December 04 2019

| security


The holidays just might be “the most wonderful time of the year” as the old-time carol says. But for IT security teams that oversee e-commerce websites, the holidays can also be “the scariest time of the year.”

Looking back on cybercriminal activity during the 2018 holiday season, it’s hard to fault IT security teams for feeling this way:

  • Cyber Defense Magazine uncovered that the number of malicious apps launched increased 220% in Q3 2018 over Q2, just as hackers began to prepare for the holiday season.
  • Once the holiday season hit, blacklisted apps containing branded terms from the ten most trafficked sites increased by close to 50%.

The magazine also found cybercriminals placed nearly 7,000 digital credit card skimmers on compromised e-commerce sites between Black Friday and New Year’s. That’s almost 180 incidents every day of the holiday season.

Basics in December the Same as July…With Higher Stakes

Despite these alarming 2018 statistics, the basics of IT security for e-commerce sites during the holiday season do not differ from the rest of the year. What you do in December to protect your digital assets and customer information should be the same as what you do in July.

The difference is, the stakes during the holiday season are much higher. More shoppers go online and spend more money than at any other time of the year. At the same time, more hackers go online, working harder than usual to steal whatever credit card info they can. And if it’s one of the hectic holiday days, like Cyber Monday, the sharks in the water go especially crazy.

The last thing you want is to upset your customers during the biggest gift-giving season of the year. Disappoint someone buying a gift for a family member in July; you might reel them back in; disappoint that same person in December…you might lose them forever.

9 Key Security Defense Measures to Deploy

Perhaps the first thing to do as part of your holiday IT security plan is to let your customers know all the steps you take to protect your e-commerce site and to keep their information safe from cybercriminals. Consider a banner on your home page promoting how your website is secure, and provide a link to a page that gives details on the technologies, policies, and processes you have deployed to ensure security.

Ideally, your security posture should include these nine defense measures:

1. PCI DSS Accreditation

If you are not currently compliant with the payment card industry data security standard, you won’t be able to do so in time for this holiday season, but it’s something worth setting as an objective for next year. Doing so will force you to apply robust security controls, and it’s a great credential to present to your customers to prove you take security seriously.

2. Virtual Private Server

Check to verify your platform hosting provider sets you up with a virtual private server. This costs more than a shared hosting service but protects you from being breached in the case of another e-commerce site on a shared platform that has a weak security posture.

3. HTTPS Across the Entire Site

Some e-commerce companies use the secure HTTPS protocol only for the payment area of their sites. But it’s important to apply this level of protection to your entire site because any page can be hacked. Doing so will also improve your Google rankings.

4. Platform Security Check

When you first contracted with your website platform provider, you likely investigated the level of security they provide. It’s important to keep verifying the level of security, particularly right before the holidays. E-commerce sites need to be constantly maintained and patched.

5. Changing Admin Credentials

Admin credentials should be changed on a regular basis, but especially right before the holidays. Be sure to utilize original user names and passwords that are difficult to decipher. Also, limit admin access to specific user IP addresses and set up alerts, so you know if any failed log-in attempts occur, which indicate a hacker might be on the prowl.

6. Non-Storage Policy for Credit Card Data

While many e-commerce platforms give you the ability to offer customers the option of storing credit card details, the practice significantly increases your risk should a breach occur. You can also promote the fact that you do not store any credit card data—to further protect your customers. 

7. Fraud Detection Software

These tools determine the level of risk of each transaction in real-time, based on the IP address of the device placing an order and the use of any cloaking method, such as a proxy server. If something pops up as suspicious, you can either refuse the order or request additional information to validate the identity of the customer.

8. Security Layers

No defense mechanism works all on its own. It’s critical to deploy multiple layers such as malware detection, physical firewalls, and web application firewalls as well as a Content Delivery Network if you sell to customers in many geographies. You can also require customers to utilize multi-factor authentication to access your e-commerce site. This creates an extra step to verify their identity, such as inputting a text code that you send to their mobile phones, but many customers appreciate you making sure bad actors can’t get into their account.

9. Data Backup and Disaster Recovery

Another critical aspect of security during the holiday season is to verify your data backups and disaster recovery processes work properly. If a cyber attack succeeds—in spite of all your efforts—you at least want to restore operations as quickly as possible to keep the orders coming in.

Security Is Your Responsibility—Tap Into the Necessary Expertise

For all of these defensive measures, work closely with your host provider, but also realize the security of your e-commerce site is ultimately up to you. That’s why it’s also best to collaborate with a third-party security consultant who has the expertise to verify your host provider is doing what they say they are doing. This resource can also check to make sure your internal security mechanisms are sufficient.

And hopefully, that adds up a happy holiday season…for you and your customers!

Topics: security

Leave a Reply

Your email address will not be published. Required fields are marked *


Greg is a technologist and data geek with over 10 years in tech. He has worked in a variety of industries as an IT manager and software tester. Greg is an avid writer on everything IT related, from cyber security to troubleshooting.

Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.