Best Tool for Protecting Holiday Shoppers' Data: Basic Common Sense

Posted on by Tony Kontzer

When the topics of cybersecurity and Christmas are combined, it's difficult not to think of 2013, when Target was hit by the most notorious of holiday season data breaches.

The fact that we still cite a 5-year-old event hints that cybersecurity may have gotten a bit better since then. Somehow, the subsequent holiday seasons have been free of such large-scale breaches, and history suggests that Christmas actually is one of the slower times of the year on the retail cybersecurity front.

But that's just the kind of inviting propaganda enterprising data thieves are on the lookout for, so no one should take this positive trend as an excuse to be complacent. In fact, if one needs proper motivation there are plenty of signs that retailers haven't done enough to protect their customers. A recent report from IBM's Security Intelligence postulates that security has gotten short shrift as retailers have invested in digitizing every part of the customer experience.

What retailers must remember as the holiday season approaches is that a breach during a time when customers most want to know that their purchases are being handled securely could destroy a company's reputation. At best, it would certainly eat into holiday profits.

It's with these potential potholes in mind that Multichannel Merchant has offered up 5 tips to keeping holiday shoppers' data secure, and as with any such list of tips, it's filled with common sense. But while suggestions such as knowing what partners are doing with customer data and where they're storing it, employing encryption strategies, and educating employees on preventing breaches may seem obvious, there are too many examples of retailers not getting the basics right to give anyone the benefit of the doubt.

Which brings us to one of the most important truisms shoppers need to keep in mind as the holiday shopping season approaches: no one is going to make the security of your data a bigger priority than you are. In other words, if you want your data to be safe, do something about it.

Again, this seems like common sense advice that every consumer in 2018 should be well aware of. Yet, cybersecurity vendor Symantec's list of tips for promoting online shopping safety is filled with obvious reminders of basic security indicators online shoppers should be looking for.

Apparently, we still have to be told not to click on links in suspicious emails. We have to be reminded that without the "s" after "http" in a web site URL, we can't count on a web site being secure. We have to have it pointed out that a green URL with a little illustration of a padlock next to it implies that a site is safe.

In short, we have to be told that there might be bad people lurking in places we normally trust to be safe.

"Most of us never even think about checking the online security status of a preferred online vendor," Symantec's post setting up the tip list reads. "That’s because nowadays most of us take online security for granted."

So, beyond these common-sense tips, what can online shoppers—and let's face it, that's all of us—do to make their upcoming holiday season a bit safer?

Well, they can start by focusing on sites known for taking cybersecurity seriously. It's not that hard to figure out — LastPass recently released rankings of the 10 largest online retailers, and Apple and Best Buy lead the pack, while Walmart and Wayfair bring up the rear.

LastPass also offers up some tips we can get behind, starting with looking for sites that offer two-factor authentication. It's amazing how much that extra step brings in terms of added protection.

Avoiding social media sign-ons is also a good idea, not just when you're shopping, but always. There is no reason to give social media sites access to — and responsibility for — data that they don't need.

In the end, however, there's one security tip that rises above all when it comes to user-friendliness and proven effectiveness: shop in a brick-and-mortar store and pay cash. It'll feel really weird, but there's not much a criminal can do with the serial numbers off of a $20 bill.

In all seriousness, the numbers clearly indicate that cash isn't a realistic option with online retailers expected to ring up $120 billion in Christmas E-commerce sales this year.

That means the security of millions of American holiday shoppers may come down to them familiarizing themselves with all of those common-sense pieces of cybersecurity wisdom.

Let's hope common sense prevails.

Tony Kontzer

, RSA Conference

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs