How to navigate the risks of Cyber Monday

David Dickson
Director, Advisory
24 November 2021
4 minute read

The days when Black Friday and Cyber Monday only applied to bricks-and-mortar stores and online retailers respectively are long gone.

Nowadays, online retailers have jumped on both bandwagons to offer Black Friday and Cyber Monday deals aplenty across the whole weekend or, in some cases, an entire week of deals.

But not only does this pose a risk to consumers, with online shoppers having been defrauded of £2.5m in Britain last year, but online retailers also face increased risks from potential cyber threats.

Here are our 10 top tips to successfully navigate these risks and help ensure a profitable Black Friday and Cyber Monday:

Develop a DDoS prevention + response plan

A distributed denial-of-service (DDoS) attack floods a website, or the infrastructure behind it, with traffic from many sources so that legitimate customers cannot reach it. For e-commerce businesses hoping to attract significantly more traffic over Black Friday and Cyber Monday, the timing makes a DDoS attack potentially fatal: the site goes down exactly when the orders should be arriving.

Perform a risk assessment now to understand where your network and web front end are exposed, and fix what you can. Find out what DDoS mitigation your hosting or content-delivery provider offers and how you switch it on, before you need it. Make sure you’ve nominated a response team and built a plan that sets out who is responsible for what in the event of an attack. The aim is to minimise disruption and downtime.

Monitor POS software providers

It’s really important to do your due diligence on the Point-of-Sale (‘POS’) software that you use. Is the provider well known, with a good reputation? Is it validated against the PCI Data Security Standard, and does it encrypt customer and payment data both in transit and at rest? (An ISO 27001 certificate tells you the provider runs an information-security management system; it is not an encryption standard, so ask the encryption question separately.) Does it have a good history of operational ‘uptime’?

The moment when your customers enter their personal and financial information is a key moment for you, as you’re about to make a sale. Failure of the POS software can result in downtime, preventing that sale from being made. It could also enable hackers to steal the personal and payment details of your customers, which would have significant legal and liability implications.

Understand your PCI-compliance requirements

If you accept debit or credit cards as a payment option, you’ll need to assess your compliance with the Payment Card Industry Data Security Standard (PCI DSS) annually and maintain it year-round, not just at assessment time. The PCI Security Standards Council publishes the standard for building and operating secure payment solutions; followed correctly, it protects your customers’ card data and makes it much harder for an attacker to compromise your payment mechanism. Using a hosted payment page or tokenisation from your payment provider keeps card numbers off your own systems altogether and shrinks the scope of what you must assess.

Be aware that PCI assessments, and the fines and penalties that follow alleged or actual breaches of compliance, can be extremely expensive and can cause serious reputational damage.

Undertake rigorous testing of email systems

Email systems are a common route for malware and for attackers looking for a foothold in your business.

If you're taking Black Friday or Cyber Monday orders over email, or if you're using email to communicate with customers, it’s vital that your email system remains protected from security breaches. Publishing SPF, DKIM and DMARC records for your sending domain also makes it harder for attackers to send mail that appears to come from you.

Ensure accounts use strong passwords: long, unique to that account and not reused on other services (length does more for you than forcing a mix of numbers, letters and special characters). Given the rise in cyber attacks this year, multi-factor authentication on mailbox logins and on password changes and resets has become a must-have for lowering exposure to the most common, high-frequency attacks, such as credential stuffing and password spraying.

Encrypt sensitive data

Encryption converts data into ciphertext (unreadable without the key), so that highly sensitive data within payment transactions is useless to a malicious third party who intercepts or steals it: an extra layer of security on top of your access controls.

Encryption is good practice to implement across all of your critical systems and networks where critical data is stored or processed (at rest) and wherever it travels (in transit: TLS on every customer-facing page, not only the checkout). It should also be a prerequisite for any third party or service provider you engage for technical or IT services.

Ensure regular back-ups

Anyone who has suffered a ransomware attack or experienced a data breach will give you one major piece of advice: back up your data regularly. Backing up your data (your customers’ and employees’ personal and financial information, your commercial data and inventory/stock records, etc.) puts you in a good position when trying to get up and running after a cyber attack or other event. Keep at least one copy offline, or otherwise out of reach of an attacker who has got into your network, since ransomware routinely targets online backups, and test that you can actually restore from it. Back-up technology is becoming increasingly seamless and secure, so it's a worthwhile investment.

Implement ongoing firewall and network monitoring

A well-configured firewall blocks unwanted network traffic to your website and systems from outsiders, though it will not stop every intrusion on its own. Firewall rules and software should be updated regularly in line with advice from the provider to ensure you are benefiting from the best available protection.

Having a monitoring system in place (behind the firewall) will flag intrusions, unusual activity or unexpected behaviour that warrant investigation. It’s good practice to nominate at least one person to be responsible for keeping an eye on this monitoring, so important warnings aren’t missed, and to agree who covers it over the sale weekend itself.
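The monitoring this section calls for, and the early warning of the DDoS scenario described above, can be made concrete with a check over the web server's access logs. The following is an added example and not code from the original article: it parses constructed access-log lines in the common Apache/nginx format and flags IPs that flood the site (the symptom of a volumetric DDoS) and IPs hammering the login form (credential stuffing). The log lines, the `/account/login` path, the thresholds and the convention that a POST answered with 401 is a failed login are all assumptions; adjust them to your own shop's baseline traffic.

```python
"""Flag request floods and login-failure bursts in web-server access logs.

Added example for this article, not the author's code. The log lines are
constructed, and the paths, thresholds and the "401 on POST /account/login
means a failed login" convention are assumptions to adjust for your own shop.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format, minus the referrer/user-agent tail.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
    ev["status"] = int(ev["status"])
    return ev


def _peak_in_window(times, window):
    """Largest number of timestamps that fall inside any span of length `window`."""
    times = sorted(times)
    start, peak = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def find_floods(events, window=timedelta(seconds=10), max_requests=50):
    """IPs that exceeded max_requests in any `window`: the symptom of a volumetric DDoS."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev["ts"])
    peaks = {ip: _peak_in_window(ts, window) for ip, ts in by_ip.items()}
    return {ip: n for ip, n in peaks.items() if n > max_requests}


def find_login_bursts(events, login_path="/account/login",
                      window=timedelta(minutes=5), max_failures=5):
    """IPs with more than max_failures failed logins in `window` (credential stuffing)."""
    by_ip = defaultdict(list)
    for ev in events:
        if ev["method"] == "POST" and ev["path"] == login_path and ev["status"] == 401:
            by_ip[ev["ip"]].append(ev["ts"])
    peaks = {ip: _peak_in_window(ts, window) for ip, ts in by_ip.items()}
    return {ip: n for ip, n in peaks.items() if n > max_failures}


def analyse(lines):
    """Run both checks over raw log lines, skipping unparseable ones."""
    events = [ev for ev in (parse_line(line) for line in lines) if ev]
    return {"parsed": len(events),
            "floods": find_floods(events),
            "login_bursts": find_login_bursts(events)}


# --- constructed sample log (RFC 5737 documentation addresses) ---------------
def _line(ip, ts, method, path, status, size=512):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" {status} {size}'


_BASE = datetime(2021, 11, 29, 9, 0, 0, tzinfo=timezone.utc)  # Cyber Monday 2021
SAMPLE_LOG = []
# a genuine shopper: five page views spread over a few minutes
for i in range(5):
    SAMPLE_LOG.append(_line("192.0.2.10", _BASE + timedelta(seconds=40 * i), "GET", f"/product/{i}", 200))
# a flood: 60 hits on the homepage inside ten seconds
for i in range(60):
    SAMPLE_LOG.append(_line("203.0.113.7", _BASE + timedelta(milliseconds=150 * i), "GET", "/", 200, 1024))
# credential stuffing: eight failed logins in two minutes, then one that succeeds
for i in range(8):
    SAMPLE_LOG.append(_line("198.51.100.23", _BASE + timedelta(seconds=15 * i), "POST", "/account/login", 401, 128))
SAMPLE_LOG.append(_line("198.51.100.23", _BASE + timedelta(seconds=130), "POST", "/account/login", 302, 0))
SAMPLE_LOG.append("garbage that is not a log line")  # the parser must skip this


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a real log, the `floods` result is what you would feed to a rate limit or to your provider's DDoS mitigation, and `login_bursts` is the signal for locking accounts or challenging the source IP; the successful 302 after eight failures is exactly the pattern worth a human look, because it may mean a customer's password was guessed.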

Have an incident response plan

An incident response plan ensures that you and your team understand everyone's role should the worst happen and you fall victim to a cyber attack or data breach.

Acting quickly is vital, so it’s important to be prepared, and a good breach response plan is what lets you do that. An incident response plan usually includes:

  • Details of the roles and responsibilities for each of the incident response team members
  • A business continuity plan
  • A summary of the physical resources, technology and tools required
  • A list of data recovery and critical network processes (e.g. how to access and restore your back-ups)

Educate employees about likely threats

Any employees involved in the operational elements of your e-commerce business need to be aware of the likely threats before and during this sale period. Beyond the tips above, phishing emails will try to lure employees into unknowingly handing over sensitive information, such as their login details, or into clicking links that lead to credential-harvesting pages or malware downloads. Urgent-sounding ‘supplier’, ‘courier’ or ‘payment problem’ messages are typical around the sales, so tell staff how to report a suspicious email.

Educate your customers

Lapses in cybersecurity might happen not at your end but with your customers. Individuals are far more likely to have weak passwords, little basic cybersecurity and less awareness of phishing. Communicate clearly with your customers about the type and frequency of communication they can expect from you, and which details you will never ask for by email, so they don’t fall foul of phishing emails or malicious third parties pretending to be you.

This content has been created for general information purposes and should not be taken as formal advice. Read our full disclaimer.
