As the holiday season approaches, retailers gear up for increased sales and customer activity. However, it's not just businesses that are preparing for this lucrative time of year; cybercriminals are also poised to exploit the bustling shopping week with targeted cyberattacks. To help small businesses safeguard sensitive systems and customer data during this high-stakes period, Keeper Security, a leading provider of zero-trust and zero-knowledge cybersecurity software, is sharing essential cybersecurity best practices.
Cybercriminals employ a range of tactics to compromise an organization's systems and valuable data during this bustling season. These tactics encompass phishing attacks, ransomware, malware, business email compromise, and more. Vigilance and proactive defense are paramount to ensuring the security of customer data and transactions not only during the holiday shopping season but also year-round. Retailers are advised to adopt a multi-layered cybersecurity approach that includes the following key measures:
Conduct Employee Training: According to Verizon's Data Breach Report, a staggering 74% of security breaches involve human factors, such as falling victim to social engineering, stolen credentials, or making errors like misplacing passwords. Implement cybersecurity training as an integral part of onboarding, and regularly conduct phishing tests and supplemental training to keep employees informed about the latest threats.
Regularly Update Software: Ensure that all systems and software, including Point of Sale (POS) terminals and e-commerce platforms, are up to date with the latest security patches to mitigate known vulnerabilities. Deploy antivirus software and keep it regularly updated to defend against emerging threats.
Secure Sensitive Systems: For secure payment processing, use trusted tools and isolate payment systems. Implement privileged access management to safeguard and manage access to privileged systems and accounts, such as payroll and IT. Adhere to the principle of least privilege to restrict employees' access to only the systems and accounts necessary for their roles. Set up an intrusion detection and prevention system to monitor for suspicious activities and potential threats.
Protect Customer Data: Regularly back up and control access to data by appointing administrators and monitoring user permissions. Review data collection practices and policies to understand the user information your organization collects and eliminate any unnecessary dark data. Collect only the information required for essential business purposes.
Implement an Enterprise Password Manager: Weak and compromised passwords pose significant threats to retailers' cybersecurity. Enterprise password managers not only grant IT administrators visibility into employee password practices but also enable the enforcement of password security policies, such as strong, unique passwords and multi-factor authentication (MFA). They help prevent employees from inadvertently entering their credentials on phishing sites.
Secure Your WiFi Network: Protect your network with a strong, at least 16-character password comprising a randomized combination of letters, numbers, and special characters. If encryption is not enabled, update it in your ISP admin settings. Most routers come with built-in firewalls; ensure they are enabled. Use a Virtual Private Network (VPN) to enable secure remote connections for remote workers.
By implementing these proactive measures, retailers and small businesses can strengthen their cybersecurity posture, enhancing protection for their systems and data during the high-pressure period of Black Friday and Cyber Monday.