Keep the Season Bright: Holiday Cybersecurity Tips for Retailers
The holidays are upon us, and the last thing retailers want to do is respond to a security incident.
Close behind, we’re sure, are changes to systems and policies at this time of year. But what can you do now to minimize the likelihood and impact of a cyberattack?
Be suspicious. Human-centered breaches—phishing, social engineering, insider threats—remain a huge threat vector. With emerging AI technologies that can produce faster and better threats, there is all the more reason to be cautious about new requests, unexpected directions, and unusual contacts.
Expect increased activity. We ran down the reasons why and how attackers love this time of year last year, and those haven’t changed. Consider likely weak points and apply additional resources where possible.
Resist urgency. Attackers rely on a sense of urgency to bypass normal processes and second looks. While there are plenty of reasons to act quickly during the holidays, remain cautious about who is asking for what and why they are in such a hurry.
Stay informed. Keep up with industry news, threat intel, and vulnerability announcements for your key software and vendors. Be prepared to act quickly on both routine and emergency patches.
Track new initiatives. Holiday incentives, offers, and other experiences that collect consumer data can’t be immune to required processes. Ensure that only the right data is collected and that it’s properly processed, stored, and deleted when no longer needed.
Take notes. What’s working? What’s not? If you have an incident, how does the incident response plan work? Are there gaps that appear when your teams are understaffed and stretched thin? When there’s time to think more long-term, draw on those lessons.
Spread the word. Remind employees of all of the above repeatedly. Vigilance is key, and with all of the other pressures of the holidays, give them permission to slow down and be cautious.
Call in help. If an incident does occur, invoke the incident response and call in help. Include experienced counsel to guide your team through the pressures added by the holidays.
Print and share
Authors
Notice
Before proceeding, please note: If you are not a current client of Perkins Coie, please do not include any information in this e-mail that you or someone else considers to be of a confidential or secret nature. Perkins Coie has no duty to keep confidential any of the information you provide. Neither the transmission nor receipt of your information is considered a request for legal advice, securing or retaining a lawyer. An attorney-client relationship with Perkins Coie or any lawyer at Perkins Coie is not established until and unless Perkins Coie agrees to such a relationship as memorialized in a separate writing.