Be Boxing Day clever: Don’t make headlines for the wrong reasons on the biggest shopping day of the year
2017 was stated as the worst year ever for data breaches and cyber incidents around the world. Hackers are opportunistic and will prey on those retailers that are unprepared at their busiest times. But, according to research from Ensighten, nearly half (46%) of enterprises many of which are retailers, are on the brink of a website data breach, putting customers’ personally identifiable information and bank details at risk this Christmas.
Christmas Day and Boxing Day are two of the biggest spikes in the retail calendar. According to Mastercard, last year’s spending over the festive season was up 3.1% on the final week before and on Christmas Day with online retailers experiencing the best of that sales growth. Moreover, Boxing Day alone saw 23 million people hitting the high street, spending £4.5 billion in 2017. This year, the same expectations remain as the long queues are not for everyone and many e-commerce players are primed and ready to slash prices online as well as in-store.
Surges in web traffic and transaction volumes can be difficult at the best of times with company systems and resources stretched. But under the weight of Boxing Day traffic and behind consumers flocking to grab star deals, businesses are facing a much bigger issue than their website crashing.
Research from Global Data Retail found that online retail spend is set to rise 7.5 per cent compared to offline spend (1%) this year, brand websites will certainly become a hotspot for the best Boxing Day deals, but concerningly, an even bigger hotspot for a security breach.
Recent years have seen a huge increase in cyberattacks – and last year was the “worst ever” for data breaches and cyber incidents around the world according to the Online Trust Alliance. While businesses should be equipped to handle the digital pressure that comes with these seasonal periods, our research shows they aren’t in a position to do so adequately or safely. In fact, nearly half of enterprises (46%), many of which are retailers, are on the brink of a website breach – meaning shoppers’ payment details and personal information could be in danger.
What are the cyber risks to retailers?
Cybercriminals target unprepared businesses in order to steal data. eBay, Ticketmaster and HSBC are just a few examples of those who have learned this the hard way. The problem is that businesses are often unaware of where they’re most vulnerable and therefore have not got preventative measures in place – and hackers are exploiting this weakness.
There are huge security risks to customer-facing marketing platforms such as websites and apps, where consumers share their Personally Identifiable Information (PII) via chat boxes, form fills, social media and more.
A holistic approach to security identifies any cracks criminals could penetrate. But according to our research, 41 per cent of enterprises have already experienced a security incident to their marketing platforms and many other businesses could be in jeopardy this Boxing Day.
Another major problem is that data breaches can often lie undetected for long periods of time – the average time from compromise to discovery was 101 days in 2017, according to FireEye. This is often due to the fact that many third-party technologies run on a website enabling multiple functions. But these technologies are generally not controlled or monitored by the website owner, which can result in major security vulnerabilities. They can redirect to other technologies, not placed directly on the site, where data can be extracted and shared instantly, without justification or permission. Unless that is, the business has website marketing security under control.
Avoid vulnerability by securing marketing platforms
For businesses, a cyberattack or data breach of any kind can be disastrous, both financially, and for their reputation.
Websites and mobile apps must have measures in place to protect the data coming through these channels at all points of the year – especially during seasonal spikes.
To protect consumers’ data, retailers should dedicate time to performance testing and site reporting, in order to see what third-party technologies are firing on websites and apps, and which pages they are loading on. Marketing security measures can then prevent leakages of data and PII across a business’ web properties, including chatbots, in real-time. By whitelisting vendors, only specified third-party technologies can access customer data, ensuring that it won’t be exposed.
In this era of heightened focus on data privacy, not to mention stringent regulation, businesses can’t afford to be cavalier with their data protection. Let’s hope retailers make headlines for high sales this season, rather than becoming the next data breach victim.