For identity thieves, the holiday season is the gift that keeps on giving.
Preoccupied with traveling and the general running around to complete preparations, consumers become more vulnerable than ever during the holiday shopping rush — leaving an open door for identity thieves to prey on unsuspecting victims.
Although identity theft protection services are available to consumers, online retailers can also take action to protect their customers on the digital home front.
"The shopping rush has the potential to swamp company websites, and cyberthieves will be waiting for an opportunity to exploit weaknesses in data-rich systems," said Deena Coffman, CEO of IDentity Theft 911 (IDT911), a data risk and identity management services provider. "But by taking a few simple steps up front, businesses can keep their customers, and their own networks, safe from holiday-minded hackers."
Coffman, who is also an Information Security Officer (ISO) at IDT911, said that businesses can take two chief actions right now to protect themselves and their customers this holiday season: employee education and data encryption.
"The first step in a holistic approach to data security is to look for ways to keep your own internal gatekeepers on the right page," Coffman said.
In order to protect customers, businesses must also first protect employees.
"Human nature says that work and personal lives are combined in our fast-paced world," she said. Because people do at least some portion of their holiday shopping or gift browsing online while they are at work, employees may be putting the business at risk.
"As part of a company's ongoing security training and awareness program, right now is the perfect time to remind employees of safe browsing techniques," Coffman said.
Coffman explained that hackers regularly target sites where they know credit card and other sensitive data will be gathered, as not all websites that collect this information are as secure as they should be.
"If one of your employees unknowingly visits a compromised website, there's a chance they may bring malware or other threats into your business's network," she said. "It's a risk many businesses may not think about, but it's something that becomes even more important as employees' online activities on prime shopping sites ramp up."
This is because hackers only need to infiltrate one employee's system to gain access to all types of customer information, from customer names to email addresses and credit card numbers, as well as a business' own financial information, Coffman said.
"If a hacker is able to infect an employee's computer with an unauthorized program, they may now have access to the information you've been trying so hard to defend," she said. "By protecting employees from potentially dangerous Web-based threats, it is also putting better safeguards around customers' data."
The second step businesses should take to protect themselves and their customers from identity thieves is to make sure all sensitive data is encrypted.
"Even with the best education efforts on the part of businesses, and diligence exercised by employees, there's still the possibility a compromised website will be visited and a virus or other malicious software will make its way into your network," Coffman said.
In such an event, businesses need to make sure that they have the proper security measures in place to prevent access to sensitive information.
"One strategy that offers significant protection without a lot of fuss is encryption," Coffman said. "To ensure customer data remains safe, consider encrypting the sensitive and confidential data on your network. That way, if a hacker is able to gain access to your network, at least the most valuable information you have still won't be exposed."
Data breaches pose very serious threats not only to consumers, but also to a business' livelihood. In addition to fines, penalties and the costs of repairing systems, a data breach can have devastating effects on a small business's reputation, Coffman said.
"Customers' loss of trust is a difficult thing to rebuild. Encryption is a step that takes only a small amount of effort and resources up front, but can prevent big problems down the road," she said.
Originally published on BusinessNewsDaily.