Cybercrime Doesn’t Take a Holiday

The holidays are a busy time for most business owners as they ramp up to serve consumers excited to find holiday specials, or even as they prepare for time away from their businesses to spend time with friends and family. Hackers know that you are distracted from your core duties and normal routine and will look for vulnerabilities in your systems. Avoid becoming an easy target during this busy time with these tips.

1. Stay vigilant during the holidays. Don’t be distracted during peak seasons. Hackers specifically target U.S. holidays when they know your attention is focused on seasonal revenue and retail customer engagement. Keep crucial systems and servers patched during the holidays, orchestrate regular vulnerability scans, remind all of your employees of cybersecurity best practices, and maintain visibility on holidays and weekends.
2. Make sure your retail business has a cellular failover plan. The internet connection can go down at point-of-sale (POS) systems for reasons beyond your control. You want to avoid downtime at all costs, literally, so you don’t lose out on business. Adding an automatic cellular failover solution ensures 99.99% uptime.
3. Take control of your internet’s performance. During a busy shopping season, your internet service provider’s infrastructure may be under high stress. A good way to fight back against fluctuating network performance is to ensure traffic is properly segmented and the POS payments traffic is properly prioritized. Make sure you set the right threshold for when the connection should switch to the cellular failover network.
4. Your POS system is PCI DSS compliant so you’re all set, right? Not necessarily, PCI compliance is just the bare minimum needed to secure transactions and protect customer data. During the holiday season, you may want to beef up network monitoring at your retail stores and refresh your incident response plan. Stay informed about advanced threats that are common during this time of the year. Don’t let ransomware ruin your holidays.
5. Think like a hacker to identify valuable targets. Threat actors are financially motivated and look to steal your sensitive data to re-sell or use login credentials. Attractive targets include credit card data, loyalty program databases, gift card inventory, and login credentials to other assets or supply-chain partners. A managed Security Information and Event Management (SIEM) platform provides you with continuous monitoring and alerting to identify suspicious activity and quickly detect intrusions before more damage occurs.
6. Protect your website and e-commerce assets. E-commerce uptime of your organization’s website is business critical. Web applications are now the number one threat vector across the retail sector. You need to detect and stop these costly attacks. We recommend you disable unnecessary accounts and web plug-ins, automate data backups, and avoiding vendor default settings that hackers know and will try first. Maintain comprehensive data backups so that ransomware attacks can’t pressure you for payment. Here are 7 Steps for Better Website Security.
7. Avoid login and password compromise. Your privileged accounts such as system admin credentials and IT vendor accounts are the doorway to crucial company systems and websites. Require strong passwords, implement “least privilege” and role-based access controls, and eliminate logins for long-gone former employees and contractors. Don’t make it easy for hackers to buy and sell your organization’s logins on criminal forums.

We hope these tips help you have a safe, secure, and hack-free holiday season. Need help? We’ve got you covered so you can focus on running your business. Contact us to learn more aboutSIEM, or SOC-as-a-Service (SOCaaS) for small-to medium-sized retailers.