So you made it through the holiday shopping season without a scuffle. You watched Target get hit with one of the largest-ever data breaches and you’ve seen the predictions for the rising security threats in 2014 -- and they are kind of scary.
The big question is, how will you make your site more secure for the new year?
There’s lots at stake. According to the National Retail Federation, every single hour of downtime due to a Web site outage or a malicious attack can have a significant impact on your reputation and revenue. VeriSign figures even a few minutes of downtime can lead to financial losses in the tens of thousands of dollars, not to mention customer frustration.
“With the stakes so high, Internet retailers need to adopt a 360-degree approach to security during the holiday season, and year-round ideally,” said Sean Leach, vice president of Strategy and Technology for the VeriSign Network Intelligence & Availability Group. He offered four tips on keeping your site secure.
Prepare for the Worst, Plan for the Best
To ensure Web site availability and security, Leach said online retailers need to prepare for the worst through escalation and incident response planning by outlining standard operating procedures for downtime, including establishing and training incident-response teams.
“They should also monitor their site diligently to determine service health and identify anomalies quickly and accurately, as well as provide failover to back-up IP addresses to ensure the site is always available,” Leach said.
Improve Your Infrastructure
Leach recommends optimizing the scalability and performance of your Internet infrastructure with demonstrated management of the increased traffic load coming your way during the holiday shopping season.
“Whether you manage your site internally or through a vendor, a track record of maintaining satisfactory service levels during the rest of the year may not be a reliable indicator that service levels can be maintained during the peak holiday traffic season,” he said. “If scalability and performance of your infrastructure are not optimized, it could damage your sales revenue and reputation at the worst possible time.”
Don’t Forget About DDoS
With the increase in size and complexity of distributed denial of service (DDoS) attacks, Leach said companies should consider leveraging upstream service providers to protect both Web servers and DNS.
“If either goes down, a company could be out of business,” he said. “A cloud-based approach to both DNS management and DDoS protection provides a cost-effective alternative to maintaining uptime.”
Implement Security Best Practices
Finally, implement security best practices by partnering with a security provider for holistic support. Leach pointed out that not all e-commerce sites can develop an internal cyber intelligence capability.
“Security service providers can help to quickly identify and understand the various security incidents and their implications, determine effective mitigation and remediation tactics, and develop a clear plan to enhance security,” he said. “Delivered via the cloud, such services combine fully reliable DNS resolution and DDoS attack protection to support critical Web-based systems and reduce the risk of downtime.”