November 18, 2015
As cliché as this might sound, the holidays really are right around the corner, and if you haven’t already started holiday shopping I imagine you’ll be starting soon. With that in mind here are some things that online retailers can do to protect your data if you are one of the millions of people who shop online.
1. PCI Compliance – IT professionals know that audits aren’t conducted during the holiday season, meaning they should do their due diligence to remain compliant before, during, and after the holiday season.
2. Protect Passwords – Passwords should be stored using a cryptographically secure hashing technology and should also consider revamping password settings to ensure certain criteria is met because most consumers won’t come up with a unique or strong password.
3. Adopt SSL Encryption on Websites – This will protect valuable information, like credit cards number and will show the customer that they take protecting this data very seriously.
4. Penetration Tests – One of the most important things the information security team can do before the holiday shopping season is conduct website vulnerability assessments and periodic penetration tests to ensure that the website stays secure against the constantly evolving threat, Mike Walls with EdgeWave stated.
5. Secure Credentials – Hackers can now bypass even the best firewalls so retailer should have software in place that manages who has access to the most privileged credentials. They should also change these credentials regularly.
6. Handle Personal Data Correctly – This should go without saying, but retailers have to make sure their employees know how to handle all the personal data that gets entered and send. Employees should be up to date on the company’s security practices and policies as well.
7. Verification – Retailers should have a system in place to verify the customer’s identity before they can open an account or make a purchase.