E-Retailers: Stay Secure This (and Every) Holiday
‘Tis the season for labeling all things naughty and nice, especially when it comes to the retail sector. In anticipation of Black Friday and Cyber Monday, everyone wants to weigh in on how to avoid holiday shopping scams, but the reality is that no season poses greater cyber-risks than another.
Cybercriminals will leverage any holiday or major national and world events if it means that they can bamboozle users into sharing some of their private information. That’s why e-retailers in particular need to be cybersecurity-vigilant, not only during the holiday shopping season but all year long.
It’s as important now as it will be come Valentine’s Day and then tax season that users know which websites protect their personal information from all-too-common data breaches. LastPass recently released its ranking of the most and least secure U.S. e-retailers, based on an analysis of a variety of account, password and website security features of the 10 e-retailers with the highest e-commerce sales this year.
Want to make sure your organization stays on the nice list come 2019? Here is a look at what kept e-retailers off the naughty list according to Sandor Palfy, chief technology officer of identity and access management at LogMeIn, makers of LastPass.
What are the most common mistakes you see that put companies on the naughty list?
Looking at the naughty list of retailers, there are some common threads we see: no use of multi-factor authentication, lax password requirements and enablement of social media single sign-on. The combination of these three factors doesn’t make for the most secure customer experience.
For example, though social media single sign-on provides a convenience to shoppers, people need to keep in mind the potential risks. Social media sites that become targets of a hack can impact a user’s security on any site they’ve used their social media credentials to log in with. Take the recent breach at Facebook, which exposed the data of 50 million people, for instance. Because the user’s Facebook credentials were compromised, any site they’ve used Facebook to log in to is potentially at risk of attack or compromise, too.
We know the importance of having strong online credentials and added layers of security—we want to keep hackers away from personally identifiable information. With all the data the “naughty” five collect from shoppers throughout the year, they should look to offer greater security controls.
What are organizations on the nice list doing right?
We noticed the retailers who made this year’s “nice list” have all taken action to encourage and enable customers to create stronger passwords on their sites, and are also running on HTTPS. Plus, two of these retailers allow customers to enable 2FA. In a time when data breaches are a dime a dozen, the pairing of these steps is critical to ensure users navigate the web more securely. Running on HTTPS protects any personal and financial information people are inputting into these websites while shopping. Requiring passwords to be lengthy and to include a mix of special characters and numbers not only enforces safe password behavior but also makes them harder for hackers to crack.
Considering hackers have stolen personal information from individuals due to weak account credentials, using complex passwords is a must. We found in our recent Psychology of Passwords research that 58 percent of people reuse the same or a variation of a password. So, it’s great that these retail organizations are urging consumers to protect their accounts and data.
What can organizations do to avoid getting on the naughty list?
There are several actions companies can take to avoid being considered part of this naughty list. For example, offer multi-factor authentication as an option which allows users to add an additional layer of security when signing into accounts. Another recent LastPass report found that only 45 percent of enterprises put multi-factor authentication to use, while only 13 percent of retail businesses do. Clearly, there’s room for improvement across industries to implement an extra layer of security in order to thwart unauthorized access to accounts.
Passwords are a user’s first line of defense in keeping their online information safe and protected. Just as the top e-retailers have implemented stronger password requirements, the bottom five—and those like them—could take the opportunity to teach customers about better password habits by providing a guide during the account creation process. Despite knowing the risks of using weak passwords, many people are complacent about password hygiene and continue to do it anyway. Therefore, these retail sites should integrate requirements that push users to create unique and robust credentials, including length, numbers, symbols and upper- and lowercase letters. Obviously, most humans would never be able to remember dozens of strong passwords, so this is where password managers … come to help.
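The password requirements Palfy lists (length, numbers, symbols, upper- and lowercase letters) are easy to enforce at account creation. The following is an added example written for this article, not code from LastPass, LogMeIn or any retailer; it assumes a 12-character minimum, a constructed stand-in for a breached-password denylist, and a small normalization step so that trivial variations of a common password (the "same or a variation" pattern mentioned above) are caught as well. Everything it returns is a plain list of rule names, so the same function can drive the sign-up guide shown to the customer.

```python
import string

# Constructed denylist standing in for a real breached-password corpus (example data only).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}

# Assumed policy value; the interview asks for "lengthy" passwords without naming a number.
MIN_LENGTH = 12

# Undo the most common letter/symbol substitutions so "P@ssw0rd" compares as "password".
_LEET_TABLE = str.maketrans("@013$", "aoies")


def _normalize(password: str) -> str:
    """Lowercase, strip leading/trailing digits and symbols, undo leet substitutions.

    This is deliberately lossy: its only purpose is to match a candidate against the
    denylist, so "Password123!" and "p@ssword" both collapse to "password".
    """
    stripped = password.lower().strip(string.digits + string.punctuation)
    return stripped.translate(_LEET_TABLE)


def password_policy_violations(password: str, user_identifiers=()) -> list:
    """Return the list of policy rules the password violates; an empty list means it passes.

    The first five rules mirror the requirements named in the interview. The denylist
    and account-identifier checks are additions a practitioner would normally pair
    with them, since a long, mixed-character password that is also a well-known
    breached one gains nothing from its character mix.
    """
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        violations.append("no uppercase letter")
    if not any(c.islower() for c in password):
        violations.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        violations.append("no digit")
    if not any(c in string.punctuation for c in password):
        violations.append("no symbol")
    if _normalize(password) in COMMON_PASSWORDS:
        violations.append("appears on the common-password denylist")
    for ident in user_identifiers:
        # Reject passwords built from the username or e-mail local part.
        if ident and ident.lower() in password.lower():
            violations.append(f"contains account identifier {ident!r}")
    return violations


def signup_guide(password: str, user_identifiers=()) -> str:
    """Turn the violation list into the kind of guidance text shown during account creation."""
    violations = password_policy_violations(password, user_identifiers)
    if not violations:
        return "Password accepted."
    return "Please fix the following: " + "; ".join(violations) + "."


if __name__ == "__main__":
    for candidate in ["Ab1!", "P@ssw0rd123!", "Correct-Horse-Battery-9"]:
        print(f"{candidate!r}: {signup_guide(candidate)}")
```

The normalization step is what separates this from a plain character-class check: a policy that only counts classes happily accepts "P@ssw0rd123!", which satisfies every class rule while being a trivial variant of the most common password in any breach corpus. In production the denylist would be a real breached-password set (or a lookup against a k-anonymity service) rather than a five-entry constant.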