by Nicole Fallon, Business News Daily Assistant Editor | November 13, 2014
In the wake of the recent string of corporate data breaches, businesses are more alert than ever about cybersecurity. Right now, many of them are also gearing up for the busy holiday shopping season, which brings more opportunities for hackers to break in and steal sensitive customer data.
“For many small retailers, the holiday season is a ‘make it or break it’ time of year,” said Jonathan Gossels, president of IT security and consulting firm SystemExperts. “In addition to traditional merchandizing challenges, they now have to worry about whether their IT infrastructure is up to date and can handle the load securely.”
More and more consumers are choosing to shop online every holiday season, so businesses are under a lot of pressure to keep their transactional data safe. Gossels noted that e-retailer websites and associated back-end systems need to be up to date, compliant with the Payment Card Industry Data Security Standard (PCI-DSS) and able to handle the expected transaction volume throughout the holiday season. The key to success, of course, is being prepared long before Black Friday and Cyber Monday.
“The holiday cybershopping boom is not a surprise event,” Gossels told Business News Daily. “It happens every year at exactly the same time. Merchants of all sizes need to plan for it strategically and programmatically.”
While the 2014 holiday shopping season is practically here, there’s plenty you can do to secure your website now and begin planning for next year’s rush. Gossels shared the following tips and timeline to make sure your business’s website is ready for this busy time of year.
Right now: Freeze your production systems until the end of the year. Don’t implement any new software or technologies, and make sure your existing ones are running smoothly and properly. You should only make exceptions to address critical patches that may come out. Use the “freeze time” to begin planning enhancements for next year.
Early 2015: Plan, design and review any system enhancements, including a security architecture/compliance review.
Summer: Implement and test the whole website and back-end systems with particular emphasis on the new functionality.
Late summer/early fall: Conduct PCI compliance and security testing as a strategic framework to follow.
Before November 2015: Fix any remaining problems that have been found during the testing, address any capacity constraints, ensure that all security-related patches are in place, and train staff on acceptable use of systems and resources.