Nov 21, 2016 - 11:00am

Cyber Monday and How to Protect Your Business


Senior Vice President, National Security and Emergency Preparedness Department, U.S. Chamber of Commerce

General Manager, PCI Security Standards Council

Cyber Monday is just a few days away and it is important for the business community to recognize that while this time of the year is great for sales, it is also the season when cybercriminals prey on businesses like the Grinch Who Stole Christmas. Their goal is to take full advantage of the hectic holiday shopping period by relentlessly attacking vulnerabilities in your online systems. It is during this time that businesses need to be especially on guard when it comes to payment card protection. 

The last 10 years have seen huge changes in how we shop and pay for goods and services, with growing numbers of consumers shopping online and, more recently, on their smartphones. Just last year, Cyber Monday was America’s largest e-commerce sales day ever, with online orders totaling $3.07 billion. This year, many experts believe Cyber Monday will match or beat Black Friday. This trend is likely to continue as more and more young people move to online purchases. These are great new opportunities for both merchants and consumers, but unfortunately, they can make e-commerce a bigger target for the criminals.

So what should the online business community be mindful of as it approaches Cyber Monday and the holiday shopping season? Here are some tips to keep in mind and discuss with your employees:

  • Change your passwords and make them strong. According to Verizon, 63 percent of confirmed breaches involved weak, default, or stolen passwords. If the password you’re using is “Password1,” change it! It’s the most common password (seriously!), and the bad guys know that along with a ton of other frequently used passwords. Just like you lock your doors before you leave—lock this door too. Make sure your employees know this as well.

    Resource: It’s Time to Change Your Password
     
  • Install the software updates, known as patches, that your payment service provider sends you for your payment systems. Just like you install updates on your phone—install patches on your payment systems to ensure you’re protected from cyber criminals trying to find a way to break in. Patches fix problems found in the system and provide new features.

    Those problems are often the principal reason a system gets breached. Installing updates from your payment service provider makes sure you’ve plugged the hole the bad guys could use to get into your systems. Likewise, make sure your e-commerce hosting provider, which hosts your website, periodically installs patches on the systems and/or web applications.

    Resource: Guide to Safe Payments
     
  • Keep business information private. Just like you wouldn’t tell a customer the code for your front door or give a random stranger your bank details, keep your passwords, user IDs, or other details for the payment systems you use private.

    The bad guys love to call you up or send an email asking about the systems you use, what your passwords are, etc. They may even pretend to be from your payment service provider, bank, or another business partner—always confirm an unexpected call or email separately with the entity the caller or sender claims to represent before proceeding. The person may want to use the information to get into your systems and steal data. Make sure your employees know to keep that information private. The risk to your business could be devastating.

    Another common trick criminals use is to send an email that asks you to click on a link or open an attachment. Once you do, malware infects your systems. Even if the email says it comes from someone you know, confirm with the sender first. If the sender is unknown to you, delete the email.

    Resources: CEO Email Fraud: How to Combat a Whale of a Problem; Defending Against Phishing & Social Engineering Attacks

Best practices for securing data start with companies developing a culture of security with their employees. Companies that fail to make data protection an everyday priority run the risk of being breached. With Cyber Monday approaching, prepare now before the shopping frenzy begins.

About the Authors

About the Author

Senior Vice President, National Security and Emergency Preparedness Department, U.S. Chamber of Commerce

Beauchesne is the principal spokesperson on national security and emergency preparedness issues, and is responsible for building and maintaining relationships with administration and regulatory agency leaders.

About the Author

Stephen W. Orfei, General Manager, PCI Security Standards Council
Mr. Orfei leads the PCI Security Standards Council in its mission to educate, empower and protect payment data globally, working closely with merchants, acquirers, financial institutions, security practitioners, law enforcement and other key stakeholders across the global payment eco-system.
