Cyber Monday is one of the most important times of the year for online retailers, especially those who sell electronic goods. It’s also one of the most important times of the year for hackers, who take advantage of overwhelmed or vulnerable websites.
Worryingly, many companies have expressed disinterest in investing in cyber security as it doesn’t provide a clear return on investment. But if your online store is shut down by a cyber attack during a busy period, such as Cyber Monday, the profits lost will be enough to convince you of the need for cyber security.
There’s also the risk of customer data being stolen. Stolen data has become such a lucrative business that even the most robust security systems are often breached by determined hackers. Failure to respond appropriately could land you with crippling fines or legal action.
If your online store struggles to keep up with the demand, it won’t just leave you vulnerable to attack, it will damage your reputation amongst current and potential customers. With everyone vying for attention on Cyber Monday, a customer will quickly go elsewhere if they’re frustrated by your site.
In the weeks and days leading to Cyber Monday, carry out stress-tests to make sure that your servers and infrastructure can cope with the increased load. This includes any third-party systems you use, such as payment portals and bot identification.
You should also stress-test your physical infrastructure such as customer support, inventory management and logistics. If just one link in the chain becomes overwhelmed, it can have knock-on effects throughout your business.
Make sure to back up your data to prevent data loss in the event that increased Cyber Monday traffic overwhelms your servers. These backups should be isolated from the rest of your network to keep them safe in the event of a crash or a malware attack.
The cost of downtime or data loss is significantly higher than prevention; trying to save money in the short term isn’t just ineffective, it could sink your business.
There is always a physical aspect to online security. Many critical data breaches or ransomware attacks are a result of mistakes made by people within the business, such as staff falling foul of phishing emails, unknowingly downloading malicious software or using a weak password on critical log-ins.
All businesses should train their staff in how to identify and avoid suspicious emails, websites and enquiries, especially if your business depends on online sales. Your staff following a few key rules for best online practice could be all that’s needed to save your business from a cyber attack on Cyber Monday.
If you’re looking for somewhere to start, the National Cyber Security Centre website provides cyber security help and advice for a range of businesses, as well as free training modules that can be given to your staff.
Just recently, I spoke with a company who had fallen foul of ransomware, which held their servers hostage until the hacker had received their requested amount of Bitcoin, during which time they were unable to make any sales.
Such a cyber attack is disastrous at any time of year, but even more so on Cyber Monday, when just a small amount of downtime can result in a devastating loss of profits.
Hackers know this, and will prey on retailers desperate to regain control of their site during such a competitive period. When a store knows that every second represents lost sales, they are far more likely to give in and pay the ransom.
GDPR is very tough on businesses who don’t respond to breaches
GDPR introduced severe consequences for companies who do not take the necessary precautions to safeguard data shared by their customers or fail to respond appropriately to any breaches.
Failure to notify the ICO within 72 hours of a data breach can result in a fine of up to 10 million Euros or 2% of annual turnover, whichever is higher. The fines are proportional to the scale of the breach and the harm caused, but there have already been multi-million pound fines since the legislation’s introduction.
British Airways was fined £183 million by the ICO following data breaches that led to the theft of 560,000 customers’ data, including payment information. A vulnerability in the booking system used by Marriott International led to the leak of 339 million user records, resulting in a £99 million fine.
To avoid falling foul of the ICO, it’s important that you follow the correct procedure should you be the victim of a data breach on Cyber Monday (or, of course, any other time of the year).
All data breaches must be documented and any high-risk breaches must be reported to the ICO. If you are unsure whether your breach needs to be reported, the ICO has a self-assessment form on its website.
You must then formally notify everyone affected that there has been a data breach and that their data may have been accessed. I’m sure everyone has received such an email by now, though hopefully you will never have to write one.
Bear in mind that even if you follow this procedure, you may still be fined if the breach is found to be due to your negligence and those affected may take legal action against you, especially if their data was used for criminal activity.
Don’t know where to start with your cyber security? Contact us
We provide advice for companies who are looking to bolster their defences against cyber attacks and will soon be releasing our own cyber security services.
Get in touch with us now on 0800 772 3786 to learn more.