Don’t let hackers ruin your profits this Black Friday
As online retailers are ramping up preparations for Black Friday and Cyber Monday, so too are hackers. While many store owners are busy focusing on maximizing sales and elevating marketing efforts, this is not the time to start neglecting security (not that there’s any time for that!)
Black Friday weekend is the busiest day of the year for many companies — in 2020, total online sales amounted to upwards of $24 billion in the US alone. Between numbers like that and the sheer amount of personal data up for grabs, it’s a tempting day for hackers.
A security breach during Black Friday weekend may not only result in profit loss for brands, but also a damaged reputation. Customers are understandably wary of dealing with an online store that has suffered a major data breach. A consumer survey from Ping Identity found that 81% of respondents would stop engaging with a brand online after a data breach.
So what’s an online store to do? Taking some of the time and resources being spent on new product launches and promotions and allocating it to cybersecurity is a good place to start. Familiarize yourself with the types of attacks retailers face and how best to protect you and your customers. Fortunately for you, we’ll be covering these very topics in this article.
Read on to find out the most common Black Friday weekend security breaches and what you can do to prevent them.
Cyber threats to watch out for on Black Friday weekend
When it comes to retail hacking and security breaches, there are countless ways a hacker could potentially attack. We’ve broken them down into three key areas:
Also known as ‘Magecart,’ after a crime syndicate that engages in credit card theft, e-skimming involves hackers gaining access to information on checkout and card processing pages by infecting them with malware. There are various methods of doing this, such as phishing attacks, compromising the server, social engineering, and exploiting out-of-date software vulnerabilities. E-skimming can allow hackers to access customers’ personal data like credit card numbers, names, dates of birth, and addresses.
A high-profile example of a Magecart attack occurred in 2019 when Macy’s had to notify thousands of customers that their personal and credit card information may have been stolen when they discovered their payment portal had been compromised. This goes to show that retailers of all sizes can fall victim to Black Friday hackers if they’re not prepared.
Fake websites, apps, and social media pages
Around Black Friday there tends to be an increase in spoofed websites, apps, and social media pages pretending to be real, known brands. These can be pretty similar to the real versions, particularly if would-be customers aren’t paying attention. Sometimes they offer fake coupons and merchandise, ensnaring customers through ads featuring too-good-to-be-true deals and phishing emails before stealing their data. In fact, there was an 80% increase in phishing emails in the run-up to Black Friday 2020, with more than 5,000 probable scam sites registered in November 2020 alone. Learn more about phishing and how to protect yourself from becoming a victim in this blog post.
You’ve likely come across a bot or two in your online surfing (they account for nearly 40% of Internet traffic, after all). While some bots are completely harmless and carry out vital work to keep things running smoothly, many bots are instead used for nefarious purposes. According to Imperva, bad bots made up 24% of overall bot traffic in 2020.
On Black Friday and Cyber Monday, bad bots can target your online store in numerous ways, from taking over customer accounts to Distributed Denial of Service (DDoS) attacks. DDoS attacks involve bad bots overloading your servers with fake traffic to crash your site and make it unusable. On Black Friday weekend, this can be catastrophic for both your sales and reputation. Shopping bots can also be used to snatch up Black Friday sales, particularly in-demand items with limited availability, and to resell them later for a higher price on third-party sites.
How to protect your business
Now that you know what the biggest threats to your business are this Black Friday, here are the measures you should take to protect your online retail business and your customers this Black Friday and Cyber Monday.
Audit website vulnerabilities
Website vulnerabilities come in all shapes and sizes and can sometimes crop up in unexpected places. This is why a full security audit of your site is crucial before your Black Friday sale. If you have a small team or are running your business solo, this is an excellent time to hire an expert so you can be sure that all potential hacking entry points have been rooted out.
Here are some examples of common website vulnerabilities to look out for:
- Out-of-date software and patches: Software updates don’t just add cool new features but also address known threats and recent security vulnerabilities. If you don’t update your site regularly, then it runs the risk of exploitation.
- Third-party vendors: Many sites use third-party tools and scripts for features like widgets, live chat functionality, and even analytics. If these vendors aren’t doing their due diligence and continually updating their products, hackers could attack your site via these scripts. It’s crucial to vet these third-party tools and restrict their access to your customers’ private and financial information.
- Website admin URL: Many CMS have a default admin login page that website owners don’t think to change. For example, with WordPress, the default login URL is example.com/wp-admin. When hackers can easily access the admin URL, it leaves your site vulnerable to brute force attacks and takeovers. Prevent this by changing the default login URL.
- Dormant domains and open ports: It’s not uncommon for website owners to set up subdomains and mail servers with ambitious intentions that end up being left unused for several years. Make sure to add security measures to these domains as they could serve as an access point to your main site. Likewise, many sites have open ports without owners even realizing it, though this is mainly a concern for those with VPS or dedicated hosting.
Use a CDN
One of the best ways of preventing DDoS attacks is by using a Content Delivery Network (CDN). A CDN is a network of servers that are usually distributed globally. When you use a CDN, a backup version of your site is stored on several servers in specific geographical areas. Not only does this speed up content delivery to people in these particular locations, but it ensures that if your website experiences a sudden influx of traffic (such as with a DDoS attack), then users will still have access to your site. Check out Namecheap’s CDN.
Implement a firewall
Keep traffic from untrusted networks away from your site with a firewall. There are many firewalls to choose from, but try to stay away from generic firewalls and use one that caters to your particular CMS.
Keep customers and employees informed
Monitor the web as much as you can to find fake sites and social media pages so that you can warn customers to stay away from them. Extra caution is key around Black Friday weekend. This also applies to employees. Ensure that you have a strong password policy in place and warn them to be wary of messages from unknown people to avoid becoming victims of social engineering.
For many online retailers, Black Friday and Cyber Monday sales account for a large chunk of their yearly revenue. It can be easy to get carried away focusing on your marketing strategy to attract customers, but it’s more important than ever that security doesn’t fall by the wayside. With cyber-attacks continually on the rise, if your online store has any kind of vulnerability, hackers are sure to find it. Take the time to properly audit your site to protect both yourself and your customers, and hire an expert if possible. By taking all the preventative measures you can ahead of time, you’ll be free to focus on maximizing sales.
To learn more about beefing up your site security, why not check out A-Z Website Security for WordPress Business Owners and How to Protect Your E-Commerce Website in 9 Steps.