Keeping your environment secure is important all year, but particularly during the holiday season, when so much revenue is on the line and security breaches are most common. Elizabeth Scott is here from our partner Tenzing to share 10 tips to secure your environment before the holiday season hits.
- Patch your environment
Define who is responsible for monitoring security patches and applying them to all areas of your environment, from your infrastructure and operating system through to your application. Your final patch (unless an emergency patch is released) should be one month before your busy season starts (for holiday shopping, this is October).
- Develop an emergency patch and security plan
Prepare for future problems by having a plan in place to handle security issues such as emergency patching or an unexpected security vulnerability. Know which teams you will need to assemble to resolve those issues quickly.
- Limit access
Limit access to your environment to authorized personnel. Require your personnel to use strong passwords and regularly review your access list. Complete an audit of users who can access your environment prior to your busy season. Two-factor authentication and encrypted communications are highly recommended for administrative personnel.
- Proactively monitor your environment for vulnerabilities
Deploy an Intrusion Detection System (IDS) that will detect potential breaches or security attempts. These systems monitor behavior and can notify your teams of suspicious activities, allowing your team to respond to, and even prevent, breaches. These systems can be noisy, so look for a provider who completes an analysis of the alert before you are notified.
- Make sure you are using HTTPS
Ensure your SSL certificate is signed with at least SHA-256 and not an older algorithm. HTTPS should be the standard for all customer ecommerce communications, not just for authentication or payment. If you are concerned about performance with HTTPS always on, consider using a CDN service that can support your SSL implementation and increase your website performance.
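The certificate side of this tip can be checked offline: SHA-256 here is the hash used in the certificate's signature, so this added example (not part of the original post) reads the signature algorithm from a PEM certificate and flags MD5 or SHA-1. The function names are illustrative, and `sample_pem` builds a constructed stand-in with dummy bodies rather than a real certificate.

```python
import base64

# Certificate signature algorithms by OID; MD5 and SHA-1 are the "older" ones.
ALGS = {"1.2.840.113549.1.1.4": ("weak", "md5WithRSAEncryption"),
        "1.2.840.113549.1.1.5": ("weak", "sha1WithRSAEncryption"),
        "1.2.840.113549.1.1.11": ("ok", "sha256WithRSAEncryption"),
        "1.2.840.113549.1.1.12": ("ok", "sha384WithRSAEncryption"),
        "1.2.840.113549.1.1.13": ("ok", "sha512WithRSAEncryption"),
        "1.2.840.10045.4.3.2": ("ok", "ecdsa-with-SHA256")}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def signature_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }"""
    tag, start, _ = read_tlv(der, 0)
    _, _, tbs_end = read_tlv(der, start)        # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)    # AlgorithmIdentifier SEQUENCE
    oid_tag, s, e = read_tlv(der, alg_start)    # its first element is the OID
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not an X.509 certificate")
    arcs, value = [der[s] // 40, der[s] % 40], 0
    for byte in der[s + 1:e]:                   # remaining arcs are base-128
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def check_pem(pem):
    """Return (verdict, algorithm) for one PEM-encoded certificate."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    oid = signature_oid(base64.b64decode(b64))
    return ALGS.get(oid, ("unknown", oid))

# Constructed sample: dummy bodies in the real outer layout, not a valid cert.
def sample_pem(oid_hex):
    tlv = lambda tag, v: bytes([tag]) + (
        bytes([len(v)]) if len(v) < 128 else b"\x82" + len(v).to_bytes(2, "big")) + v
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    der = tlv(0x30, tlv(0x30, bytes(300)) + alg + tlv(0x03, bytes(257)))
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"
```

To check your own site, save its certificate in PEM form and pass the file contents to `check_pem`; an "unknown" verdict returns the raw OID so it can be looked up.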
- Ensure you have anti-virus
Anti-virus is important in helping keep your environment secure. Ensure that anti-virus is running on all your servers and that your AV is using the most up-to-date virus signatures (which are used to detect and identify viruses).
- Deploy and tune a WAF
Traditional firewalls decide if one device can talk to another at the network level, but a Web Application Firewall (WAF) monitors behaviors between an application and browser. By operating at the application level, it can detect attacks based on stored patterns as well as monitor for unusual or unexpected patterns. Application layer attacks are increasingly common in ecommerce, making WAFs an essential part of your environment.
- Protect from DDoS attacks
Distributed Denial of Service (DDoS) attacks are an attempt to take an organization’s internet presence offline, usually by overwhelming the site’s network connection or server with traffic from a collective of hacker-controlled zombie computers (also known as a botnet). Denial of service attacks can bring your campaign strategy to a screeching halt, and historically November is a busy month for DoS attacks. Hackers may even use DDoS attacks as a distraction while credit card data is stolen.
DDoS mitigation services can be very expensive. If you don’t have room in your budget to leverage this type of service all year round, consider using one during the holidays on a short-term basis.
- Run a vulnerability scan
Vulnerability scanning proactively identifies weaknesses in your network, application or infrastructure. The test is generally automated and will detect known attack vectors. Running a scan can help you identify known vulnerabilities in your environment before your busy season, giving you time to fix them before they become a problem.
- Run a penetration test
Penetration testing will exploit weaknesses in your code and application. This type of test uses a combination of automated testing and experienced testers to complete the test. Executing a penetration test before your busy season will allow you to address any issues before they affect your holiday results.
For more holiday preparedness advice, check out Tenzing’s 2015 guide.
Learn how leading retailers keep their sites performing under peak load, including details on how you can:
- Prepare your infrastructure
- Optimize your commerce application
- Manage your marketing
This guide is designed to help mid-sized retailers prepare for peak season by examining their infrastructure capability, application capacity and marketing campaign processes. Each of these elements is key to understanding how well your web store will perform during the holidays.
Elizabeth Scott leads Tenzing’s four Service Delivery departments, spanning the complete customer lifecycle from sales hand-off to ongoing support, creating a full-cycle and integrated support model. Elizabeth joined Tenzing in 2008 to build our Service Desk, and her focus on performance through automation, process improvement and improved technical skillset saw her grow that team to include three tiers of support, the Technical Account Manager program and more. Inspired by her experience working with retailers, Elizabeth created Tenzing’s Cyber Week and Holiday Season Preparedness Programs to ensure Tenzing infrastructure and teams were prepared for the holiday season. She has also developed a Campaign Best Practice program to help ecommerce customers extend the life of their infrastructure during peak periods. With previous experience at HP, Elizabeth is an ITIL practitioner with over ten years’ experience in IT support and service.