The payment card data that retailers process, transmit and often store can translate into big dollars for cyber criminals, so it is critical that retailers maintain multiple layers of security to defend against the countless cyber attacks targeting them. It is especially important that retailers have their Internet defenses in place and are on high alert during what is often the biggest online shopping day of the year, Cyber Monday. Dell SecureWorks, which protects retailers across the globe, recommends 10 key steps to ensure that a retailer's company data and customer information are not compromised. Retailers are not the only targets: cyber criminals also go after retailers' online customers, so it is critical to keep one's customers safe as well. Dell SecureWorks has developed nine Internet security steps retailers can share with their online shoppers.
Security Tips for Retailers
10 tips for helping retailers protect their financial data and minimize risk, as well as helping their organizations adhere to the PCI DSS requirements:
- Institute and enforce a centralized plan for keeping your computer applications, operating systems and security software updated. Make sure servers and workstations are fully patched promptly and regularly.
- Implement a robust Intrusion Prevention Solution (IPS) to defend against cyber threats, including web exploit kit attacks, SQL injection attacks, banking Trojans, etc.
- Utilize web content filtering and web protection solutions to defend against threats which attack over the Web and email.
- Use a dedicated computer for financial matters such as online banking and bill payments. That computer should not be used for peripheral activities such as sending and receiving emails or surfing the Web. Web exploits and malicious email are two key infection vectors for malware.
- Ensure that employees utilize effective passwords and avoid clicking on links or attachments within emails from untrusted sources. Even if you recognize the sender, if an attachment is unexpected or looks suspicious, you should confirm that the sender has sent the specific email before clicking on any links or attachments.
- Enforce policies that forbid employees from downloading executable files via the Internet, using peer-to-peer networks, or visiting risky websites.
- Implement a Web Application Firewall, making sure it is maintained and monitored continuously by a security expert.
- Scan network and web applications regularly for vulnerabilities so you can detect and patch them quickly.
- Conduct regular code audits to ensure that Web applications and other software programs are written securely.
- Even if you don't intentionally use any wireless technology, you need to be aware of the PCI guidelines and periodically verify that unauthorized access points and devices have not been introduced into the cardholder data environment (CDE). This is required both to remain in compliance and to avoid threats from rogue devices.
Security Tips for Online Shoppers
- Ensure that your browser, browser plug-ins (such as document viewers, music and video players, rich content applications) and security software are patched and up-to-date.
- Be wary of holiday gift cards and holiday coupon offers sent via e-mail. These often contain malicious links within the offer that lead to downloads of info-stealing Trojans, or the hackers try to scam you out of your bank account information.
- When visiting your favorite online retailer to purchase gifts, be sure to type the actual Web site address of the retailer into your browser. Do not follow links provided by e-mail offers or pop-up ads. Many times these are fraudulent sites made to look like the legitimate retail sites.
- When making online purchases, always use a credit card that limits your fraud liability. Avoid using debit cards for online purchases when possible so as to limit your personal exposure to any possible fraudulent transactions.
- When making online purchases, always look at your Web browser for the https (as opposed to http) protocol that precedes a Web address. The "s" lets you know that the Web site is providing a layer of security for transmitting your personal information over the Internet.
- Be wary of unsolicited e-mails, even from senders that you know, that include links or attachments. Before clicking on links or attachments, ALWAYS verify that the correspondent sent you the e-mail and enclosed link or attachment.
- Be especially cautious of clicking on links posted on social networking and micro-blogging sites. Shortened URLs make it easier to share, tweet or email links, but they also create a security threat, as it is easy to disguise the destination of malicious links.
- Be wary of e-mails notifying you that your banking certificate or token is out of date and to download a new certificate or token. Before taking any action, verify with your financial institution by calling them on a number that is not provided in the email.
- Online computer users should avoid using weak or default passwords for any online site.