Hackers won't take a holiday this Christmas so neither can your cyber protection systems
In our digital world, hackers are everywhere as the rewards from cybercrime continue to make the risk worthwhile.
It is important that companies, both large and small, are vigilant about the security of their data.
Even Santa Claus needs to be conscious of data security. He gets names, addresses and personal letters from all over the world. Just like any other business, he needs to make sure the elves are protecting that data - so here are my Christmas data tips for the man in red, and for your business:
1. The biggest threat will come in the form of emails. Phishing emails will try to get you to enter sensitive information like your credit card number and PayPal or banking details.
Unscrupulous cybercriminals will try to pull on the Christmas heartstrings, and may use well known charitable campaigns to try to draw you in. It is important that all staff are aware of the threat.
2. As well as knowing what threats look like, staff should know never to share their passwords internally or via email. Passwords should be changed on a regular basis, ideally every 30 days.
3. It is a business's responsibility to keep customer information safe. Longer, more complex passwords will make it harder for criminals to breach your system. Use symbols instead of letters, as in this example: $@nt@C!@u$, and make your customers do the same.
4. If you use a payment processor like Stripe or PayPal, customer credit card data is not stored on your website, removing one significant headache.
You will still have customer address data for deliveries, email addresses and perhaps a password.
It's crucial you keep this database of customer details safe and secure by ensuring your website is hosted with a reputable, secure web hosting company.
5. Make sure you use a reputable payment processor that has verification systems for addresses and cards to reduce fraud attempts. It's one extra step a hacker will need to get through in order to access the system. Don't be tempted by low commission rates. Use a familiar, proven name to get your website trading online.
6. Set up system alerts for suspicious activity. Many shopping cart systems have built-in features to monitor events like multiple orders placed by the same person using different credit cards, phone numbers that are from markedly different areas than the billing address and orders where the recipient name is different than the card holder name.
7. Website security doesn't rely on a single solution, but on layers of security that keep unwanted visitors at bay. If you're hosting your own website on a server, install a firewall. If you have a shopping cart, make sure users need to log in with a validated email address, and use CAPTCHA on forms and orders to minimise the number of automated or 'bot' requests made to your website.
8. Employees should know the basics of web security, like the fact they should never email or text sensitive data or reveal private customer information in chat sessions. Staff training in data protection is vital.
9. Monitor your site regularly and make sure whoever is hosting it does too. You can't be there all the time so use automated tools and analytics, the equivalent of having security cameras in your shop. Make sure whoever is hosting your website monitors for malware, ransomware, viruses and other harmful software as well as unwelcome visitors.
10. Make sure you or whoever is hosting your site has a disaster recovery plan.
11. Customers will look for https in their browser bar and a padlock icon when shopping. That way they will know the website and their details are encrypted and secure. Advise customers not to make purchases over public Wi-Fi, as such networks can be prone to electronic eavesdropping.
12. Everyone expects to receive emails wishing them all the best for the festive season but have a look at the email address of the sender before you open any email. If something doesn't look right, it isn't.
All in all, just be vigilant. Yes, it is the season of goodwill but don't extend that goodwill to cybercriminals by inviting hackers into your network.
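The three checks listed in tip 6, sketched as an added example (not code from this article or from any shopping cart product). The order field names, the processor-issued card fingerprint `card_fp` and the pre-resolved region codes are assumptions, and the sample orders are constructed.

```python
from collections import defaultdict

# Constructed sample orders. "card_fp" is an assumed fingerprint token issued by
# the payment processor, so the shop never stores card numbers (see tip 4).
ORDERS = [
    {"id": "A1", "email": "rudolph@example.com", "card_fp": "fp_01",
     "cardholder": "R. Reindeer", "recipient": "R. Reindeer",
     "phone_region": "IE", "billing_region": "IE"},
    {"id": "A2", "email": "Rudolph@Example.com ", "card_fp": "fp_02",
     "cardholder": "D. Vixen", "recipient": "R. Reindeer",
     "phone_region": "IE", "billing_region": "US"},
    {"id": "A3", "email": "mrs.claus@example.com", "card_fp": "fp_03",
     "cardholder": "M. Claus", "recipient": "S. Claus",
     "phone_region": "FI", "billing_region": "FI"},
    {"id": "A4", "email": "elf@example.com", "card_fp": "fp_04",
     "cardholder": "B. Elf", "recipient": "B. Elf",
     "phone_region": "FI", "billing_region": "FI"},
]

def _norm(text):
    """Lower-case and collapse whitespace so trivial variations still match."""
    return " ".join(text.lower().split())

def flag_orders(orders, max_cards=1):
    """Return {order_id: [reasons]} for orders that match any tip 6 check."""
    cards_by_customer = defaultdict(set)
    for order in orders:
        cards_by_customer[_norm(order["email"])].add(order["card_fp"])
    alerts = {}
    for order in orders:
        reasons = []
        # Check 1: same person, several different cards.
        if len(cards_by_customer[_norm(order["email"])]) > max_cards:
            reasons.append("multiple_cards")
        # Check 2: phone number from a different area than the billing address.
        if order["phone_region"] != order["billing_region"]:
            reasons.append("phone_billing_mismatch")
        # Check 3: recipient differs from card holder (also true of many gifts).
        if _norm(order["recipient"]) != _norm(order["cardholder"]):
            reasons.append("recipient_cardholder_mismatch")
        if reasons:
            alerts[order["id"]] = reasons
    return alerts

def needs_review(alerts, min_signals=2):
    """Queue for manual review only when several signals coincide."""
    return sorted(oid for oid, why in alerts.items() if len(why) >= min_signals)
```

Requiring two coinciding signals before review keeps ordinary gift orders, which trip the recipient check on their own, from flooding the queue.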