Secure Your Website Ahead of the Holidays

Stay ahead of cyber criminals with these 10 security tips

Where there is money to be made, criminals are soon to follow. The online retail market is a prime target for cybercrime, especially during the holiday season. Securing customer data and protecting your website from malicious attacks should be at the forefront of your holiday readiness strategy. Yet year after year, we hear about sites getting hacked or sensitive data being stolen from ecommerce sites.

What should you be thinking about now to protect your data — and your customers — from hackers this holiday season?

Cyber security experts from Rackspace Managed Security and Rackspace Digital have teamed up to bring you a list of 10 considerations for a safe, secure and successful holiday season:

Use a secure connection for online checkout. Secure Sockets Layer (SSL) certificates authenticate the identity of your business and encrypt data in transit. This protects credit card and other important data while it’s moving across the network, from your ecommerce application to a third-party payment gateway, for example. An EV or Extended Validation SSL certificate provides a green bar in the browser, giving customers a visual indication that your site is secure and trustworthy. A logo from a reputable SSL provider on the checkout page will provide customers with peace of mind that the proper steps have been taken to handle sensitive data as it makes its way over the wires.

Set up system alerts for suspicious activity. Set up alerts for suspicious activity, such as multiple transactions from the same IP address or multiple orders placed by the same person using different credit cards or phone numbers. Always check that the order recipient name matches the name on the credit card or debit card to avoid suspicious transactions.
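The alert rules in this tip, written as detection logic over constructed order records (an added example, not code from the original article or from Rackspace). The `Order` fields, thresholds and rule names are assumptions, and cards appear only as payment-gateway tokens.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Order = namedtuple("Order", "id ts ip customer card_token phone cardholder recipient")

# Constructed sample orders (not real data); cards appear only as gateway tokens.
ORDERS = [
    Order("A1", "2015-11-27T10:00:00", "203.0.113.7", "c1", "tok_1", "555-0100", "Ann Lee", "Ann Lee"),
    Order("A2", "2015-11-27T10:02:00", "203.0.113.7", "c2", "tok_2", "555-0101", "Bo Diaz", "Bo Diaz"),
    Order("A3", "2015-11-27T10:04:00", "203.0.113.7", "c3", "tok_3", "555-0102", "Cy Fox", "Cy Fox"),
    Order("A4", "2015-11-27T11:00:00", "198.51.100.9", "c4", "tok_4", "555-0103", "Di Roy", "Di Roy"),
    Order("A5", "2015-11-27T12:00:00", "198.51.100.10", "c4", "tok_5", "555-0103", "Ed Kim", "Di Roy"),
    Order("A6", "2015-11-27T13:00:00", "198.51.100.11", "c4", "tok_6", "555-0104", "Flo Ng", "Di Roy"),
    Order("A7", "2015-11-27T14:00:00", "192.0.2.44", "c5", "tok_7", "555-0105", "Gus Ray", "Gus Ray"),
]

IP_LIMIT, IP_WINDOW = 3, timedelta(minutes=10)  # assumed: 3+ orders per IP in 10 minutes
DISTINCT_LIMIT = 3                              # assumed: 3+ distinct cards or phones per customer

def find_alerts(orders):
    """Return sorted (rule, key, order_ids) tuples for orders that need manual review."""
    alerts = set()
    by_ip, by_customer = defaultdict(list), defaultdict(list)
    for o in orders:
        by_ip[o.ip].append(o)
        by_customer[o.customer].append(o)
        # Rule: recipient name does not match the cardholder name.
        if o.recipient.strip().lower() != o.cardholder.strip().lower():
            alerts.add(("name_mismatch", o.id, (o.id,)))
    # Rule: burst of orders from one IP address inside a sliding time window.
    for ip, group in by_ip.items():
        group.sort(key=lambda o: datetime.fromisoformat(o.ts))
        start, flagged = 0, set()
        for end, o in enumerate(group):
            now = datetime.fromisoformat(o.ts)
            while now - datetime.fromisoformat(group[start].ts) > IP_WINDOW:
                start += 1
            if end - start + 1 >= IP_LIMIT:
                flagged.update(g.id for g in group[start:end + 1])
        if flagged:
            alerts.add(("ip_burst", ip, tuple(sorted(flagged))))
    # Rule: one customer account using many different cards or phone numbers.
    for cust, group in by_customer.items():
        for field in ("card_token", "phone"):
            if len({getattr(o, field) for o in group}) >= DISTINCT_LIMIT:
                alerts.add((f"multi_{field}", cust, tuple(o.id for o in group)))
    return sorted(alerts)
```

A name mismatch alone is a review signal rather than proof of fraud, since gift orders are common during the holidays; it carries more weight when it coincides with one of the other rules, as it does for customer `c4` in the sample.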

Don’t store sensitive data. Allowing customers to save credit card data in their account can make checkout faster, easier, and more convenient. However, companies should never store all pieces of data required to complete the transaction, such as the expiration date or card verification value (CVV). In fact, storing all of this data is strictly forbidden per Payment Card Industry (PCI) standards. Companies should purge old data and retain just enough data for charge-backs and refunds.

Layer your security. Security starts at your ecommerce application. When selecting an ecommerce platform, make sure the administration panel is inaccessible to attackers and stay on top of new versions with security enhancements. When a new patch becomes available, install it immediately, as in the same day. This includes the web server itself as well as third-party code like Java, Python, Perl, WordPress and Joomla – these platforms are targets for hackers. A firewall, or multiple firewalls, is an essential part of stopping attackers by preventing them from entering the network where they could access sensitive information.

Monitor your site regularly — and make sure whoever is hosting it is, too. Having a real-time analytics tool on your site is the cyber equivalent of installing security cameras in a brick-and-mortar store. These tools allow you to observe how visitors are interacting with the site in real time, allowing you to detect fraudulent behavior. Whether you’re hosting your ecommerce site in your own data center, or have partnered with a hosting provider, routinely monitor your servers for malware, viruses and other harmful software. At a minimum, scans should be done daily. During high traffic periods, consider increasing the frequency.

Perform regular PCI scans. PCI compliance is not a one-time thing. Staying compliant means performing regular checks to ensure your site is not vulnerable to hacking attempts. Your hosting partner or service provider should be PCI compliant as well. Ask them to show you their certification.

Make sure you have a DDoS protection and mitigation service. Distributed Denial of Service (DDoS) attacks are increasing in frequency and sophistication. Ecommerce sites should turn to DDoS protection and managed DNS services that have the capacity to handle proactive mitigation. Doing so can eliminate the need for significant investments in equipment, infrastructure and expertise.

Make sure you or whoever is hosting your site is backing it up — and has a disaster recovery plan. You can’t recover data you haven’t kept, but the good news is the cost of data storage has decreased dramatically in recent years. Data from multiple servers can be combined on a single storage device and you could benefit from backup/recovery solutions that are bundled into storage appliances. Data that is backed up needs to be secured with the same vigilance as your primary storage devices. Finally, ensure you or your hosting provider has a disaster recovery plan. A fully redundant, highly available architecture is more expensive, but it will ensure that your site remains online even in the event of an emergency.

Educate and train employees. With proper education on laws and policies related to customer security, you can prevent a possible cyber attack. Employees need to know they should never distribute sensitive data or reveal private customer information in chats or other insecure communication methods. Employees should be educated on phishing attempts or other means of fraudulently collecting data that would allow cyber criminals to access data.

Regularly test your e-commerce site for vulnerabilities. Consider hiring cybersecurity consultants or ethical hackers to identify vulnerabilities in the code. Penetration testing can reveal weaknesses in your application, code or architecture and allow you to address them before they are exploited.

Your customers should feel confident in your dedication to online security. They count on you to take their privacy seriously. Otherwise, it could cost you their business, or worse, if hackers have their way. Just ask the major retailers with recent high-profile breaches how the public responded to their data security disasters.

Dive deeper into how Rackspace is tackling leading security issues in The Evolving IT Security Threat — A Primer.

Download our whitepaper PCI Compliance in Rackspace Managed Cloud to help ensure you have a compliance program in place before a threat impacts your website.

Kristin Waldrop serves as product marketing manager for Dedicated Servers and Fanatical Support. She joined Rackspace in 2012 with nearly 10 years of enterprise-level technology strategy, consulting, and project management experience. Prior to joining Rackspace, Kristin helped shape IT strategies for some of the largest defense agencies in the U.S. at Booz Allen Hamilton. Connect with her on Twitter @KristinWaldrop.
