In my last post I offered tips to keep personal online holiday shopping safe and to help prevent fraud on any of your accounts. Today I’d like to offer small retailers some advice to make sure their IT infrastructure is up-to-date and ready to handle the holiday rush.
Before the holiday season kicks into high gear, set aside some time to do the following:
- Plan, design, and review (including a security architecture/compliance review) any system enhancements early in the year.
- Implement and test the whole website and back-end systems with particular emphasis on the new functionality.
- Conduct PCI compliance and security testing (ideally also an ISO 27002 review as a strategic framework to follow).
- Fix any remaining problems that have been found during the testing, address any capacity constraints, ensure that all security-related patches are in place, and train staff on acceptable use of systems and resources.
- FREEZE the production systems from November through the end of the year. The only exception should be changes to address critical patches that may come out.
- Use the time during the freeze to begin planning enhancements for next year.
In preparation for holiday traffic, small retailers should also pay close attention to their websites. Key issues here include:
- Is the website up to date and does it prominently feature the products and services you want to promote?
- Are the website and its associated back-end systems compliant with the Payment Card Industry Data Security Standard (PCI DSS), thereby reducing the likelihood of your customers’ credit card information being disclosed?
- Are the website and its back-end processing sufficient to handle the expected transaction volume, and are they robust enough to remain available throughout the holiday season?
The holiday cyber-shopping boom is not a surprise event – it happens every year at exactly the same time. Merchants of all sizes need to plan for it strategically and programmatically. Happy holidays!
Jonathan is President & CEO of SystemExperts Corporation, a network security consulting firm specializing in IT security and compliance. Jonathan started the company in 1994. He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programs, and building effective security organizations. Jonathan brings a business focus to this multifaceted work balancing all technical initiatives with business requirements and impact.