‘Poor Cyber Hygiene’: Three Dirty Words for Online Retailers

Breakdowns in routine cyber hygiene have resulted in several recent security breaches at online retailers. CISOs, CIOs, and board members are, therefore, coming to understand that basic infrastructure and security protocols must be upheld to protect the business from cyber criminals and threats.

Basic hygiene includes understanding where the most valuable assets reside, deprovisioning legacy assets, configuring the system with key security settings, and making sure the environment is properly patched and updated.

Unfortunately, these seemingly simple practices are tedious and difficult to maintain, and they are often overshadowed by the latest and greatest security solutions that promise to keep your business safe.

Failing to maintain basic security hygiene can harm customers, revenue, success, reputation, and the integrity of the business. The challenges are exacerbated by emerging concerns related to the Internet of Things (IoT), ever-increasing third-party access to retailer sites, and the significant amount of customer data stored on a retailer’s network.

What can online retailers and other organizations do to mitigate risk? Here are three best practices in cyber hygiene.

  1. Create a mandate for basic cyber hygiene in your business environment. Support this effort with ongoing education for employees and partners. When it comes to cybersecurity, ignorance is not bliss.
  2. Develop a basic threat profile. Not all companies are created equal in terms of their security profile and posture. Developing and understanding your basic threat profile gives you a clear picture of where your most valuable assets reside and what specific measures you should take to protect them.
  3. Establish a formal process to secure emerging technologies. New, innovative technologies, such as “omnichannel” marketing, create new revenue opportunities for online retailers. But these technologies also pose new security risks, and they must be examined under the same security microscope as the rest of your business functions. Having a formal process will make for smoother, more justifiable adoption and more secure technology.

The traditional approach has been to rely on compliance measures as a way to mitigate risk and maintain an overall secure posture. However, compliance has not been an effective security model for a very long time. While businesses must check the compliance box, it cannot be treated as a security gold standard; more often than not, it offers a false sense of security that puts businesses at greater risk.

Conclusion

Getting back to the basics of cyber hygiene is where the real day-to-day security grind should focus. If retailers and others emphasize and uphold solid, basic “blocking and tackling” security measures, they will be far less susceptible to cyberattacks across the different high-profile areas of concern.

In the end, online retailers and similar businesses must first establish a basic security foundation, and only then seek to deploy more novel security precautions. This approach, while not glamorous, will allow companies to review cybersecurity with a strategic mindset and will provide a solid foundation for preventing breaches and protecting the firm’s—and customers’—valuable data.