’Tis the season for joy and family and lots and lots of shopping—the season that often makes or breaks a retailer’s year. Unfortunately, it’s also the season for criminals to do their best to redirect as much of that revenue as possible into their pockets.
Even old Saint Nick is at risk, so he’s come up with a list of naughty things retailers might unintentionally do that can help holiday crooks succeed in their Grinchy ways. But, being Santa, he also tells us some ways to turn Naughty into Nice.
Update Your Systems
Santa will be keeping a close eye on retailers who run systems that aren’t properly patched, either because the systems are outdated and updates are no longer available (Windows XP, for example, or Windows Server 2003), or because service providers haven’t done the work for some reason. And it’s not necessarily neglect—remember the number of things that only worked with Internet Explorer 6, long after it ceased to be supported?
Most major breaches involve unpatched or obsolete systems that crooks know and love. Why? Because it’s not hard to compromise a system with known vulnerabilities, and that means the naughty guys can scoop up lots of money (via stolen credit card info) with minimal effort—money that the customer could otherwise be spending with retailers.
So take Santa’s advice, and make sure systems are up to date and patched before that all-important holiday shopping binge. Yes, it could involve investment, but it will be cheaper and well worth it in the long run when you avoid the consequences of a breach: lost business, increased insurance costs, and remediation costs. And it’s one more checkmark on the Nice list.
Don’t Ask for Too Much
Collecting information on customers is always a temptation and can often be useful. But the rationale—that you do it to serve them better—only stretches so far. Santa may see you when you’re sleeping, and know when you’re awake; he also takes notice of retailers who collect more information than is necessary to complete a transaction.
Information may be valuable, but it’s also a risk to both customer and retailer. If someone accesses that customer data or uses it improperly, it could mean lawsuits or even jail time—definitely not Nice. So leave the all-knowing stuff to Santa, who seems to have figured out how to protect the information, and you’ll make his Nice list.
Keep It Safe
Santa acknowledges that there is some data that retailers have to collect. You can’t fulfill an order without payment and shipping information. And you have to store that data, at least for a while. But Santa puts lumps of coal in the stockings of retailers who don’t encrypt the customer data they’re storing. Because if, despite the best available precautions, the bad guys do get their greedy hands on that unencrypted data, then they will know everything you do about your customers—and what they do with that information will not be Nice.
To get on the Nice list, make sure that all customer information—in fact, any information you value—is encrypted from end to end, even when it’s being transmitted from the point-of-sale system. That way, no matter what mechanism the crooks use to intercept it, the data will be, if not impossible to read, at least protected enough that only the most sophisticated criminals will be able to use it.
And that’s definitely worth a big checkmark on Santa’s Nice list.