Online holiday sales in 2014 are estimated to rise between 8% and 11%, reaching as much as $105 billion, according to the National Retail Federation. Because shoppers are expected to do much of their holiday shopping online, this presents a heightened concern over cyber security.
Businesses should prepare against cyber attacks all year long, but they should be especially diligent during the holiday season when employees are at their busiest.
- Train employees to protect sensitive information. All employees—even seasonal ones—should learn the importance of protecting the information they regularly handle to help reduce exposure to the business. This includes everything from locking up customer records to keeping passwords strong and confidential. Employees should also be taught how to handle a breach if one occurs.
- Halt systems changes until the end of the year. Make sure your software and other technologies are running smoothly and avoid implementing new systems at this time. Of course, there may be exceptions to address critical new patches.
- Ensure systems have appropriate firewall and antivirus technology and that security software patches are updated in a timely fashion. After the appropriate software is in place, evaluate the security settings on software, browser and email programs. In doing so, select system options that will meet your business needs without increasing risk. Regularly maintaining security protections on your operating system is vital to them being effective over time.
- Monitor use of mobile devices and public Wi-Fi access for employees. Establish usage standards and be sure they are clearly communicated. For example, to avoid security breaches, employees should be instructed to use public Wi-Fi only in very limited circumstances. Hackers can easily intercept public Wi-Fi, so it is imperative that employees cautiously use the Internet and transmit information. To reiterate, any data that shouldn’t be made public, such as proprietary business or customer information or credit card numbers should not be transmitted or accessed through public Wi-Fi.
- Insure that your season is protected. Insurance coverage typically includes liability protection for when customers or other individuals who have been affected hold a company responsible for information stolen during data breaches or other network intrusions. A cyber policy can also include coverage for a forensic investigation, litigation and remediation expenses associated with the breach. In addition, a cyber program may include coverage for business interruption, which is critical during the holiday season.
- Have a plan in place to manage a data breach. If a breach occurs, there should be a clear protocol for which employee is managing the situation, and what action should be taken, such as informing the insurance provider, etc.