How to secure your eCommerce website for the holiday shopping season
By Tin Zaw, Director of Security Solutions
Each year, the number of consumers opting to do their holiday shopping online grows. This year, Americans are expected to make $134 billion in eCommerce purchases during the holidays. According to research from Deloitte, eCommerce sales could rise by up to 22 percent during the 2018 holiday season. This growth could be a double-edged sword for online retailers as an increase in load could result in a slowdown in performance – and revenue. When a website slows down, even for a fraction of a second, the user experience is diminished causing many shoppers to leave the website, which could cost a company hundreds of thousands or even millions of dollars.
As we enter the homestretch of the holiday buying season, now’s the time to answer this critical question: Is your website ready for increased traffic? Here are four steps to ensure that your website weathers the online holiday rush without skipping a beat.
Capacity, capacity, capacity.
It’s not just that web traffic rises during the holiday shopping season, you could experience sudden spikes if a particular item goes viral or shoppers rush in at the last minute to purchase gifts. Online retailers should be prepared for surges in malicious traffic, too. Remember that denial of service (DoS) is the leading security incident that can negatively impact availability and performance for websites and web services.
Preparation, preparation, preparation. The best way to prepare for traffic spikes is to build-out extra capacity. Using a content delivery network (CDN) is the easiest way to make sure your website is prepared for sudden traffic spikes, whether that traffic is malicious or not. A CDN ensures you have capacity-on-demand so you can scale up your website to accommodate a significantly larger audience at a moment’s notice. A CDN’s distributed defenses are also a powerful tool against DoS attacks, keeping your website live even when under attack.
Patch your software.
New software vulnerabilities are discovered every day – and if not patched quickly, they become a point of attack for bad actors. Take some time right now to ensure all your software is up to date with the latest security patches installed. If there’s not enough time left to check every piece of software, a robust Web Application Firewall (WAF) can also block attackers from exploiting known vulnerabilities, not just in open-source or off-the-shelf commercial solutions but also in your code.
Have a bot mitigation solution in place.
Humans aren’t the only web visitors whose activity spikes during the holidays. Competitors may use bots to scrape prices from your website and undercut your prices by pennies. Criminals may deploy them to break into user accounts via credential stuffing attacks at your login screen. In a world filled with such automated threats, a CDN with a bot mitigation solution is a must. Drawing on past data about how humans typically use websites, its smart algorithms detect unhuman-like browsing behavior and block or quarantine bots, freeing up more capacity for legitimate users.
Make sure your CDN partner has 24 x 7 availability.
Traffic spikes and security threats don’t just happen during regular business hours. During the high-stakes holiday shopping season, your CDN or security partner should be available 24 x 7 to address issues as they happen. At Verizon Digital Media Services, we don’t wait for a customer to flag a problem; we proactively monitor potential threats and can often address them before our customers are even aware they exist. By keeping most of the monitoring task out of their hands, we prevent businesses’ IT teams from experiencing “alert fatigue,” and ensure that they can focus their efforts on generating sales, not troubleshooting their web applications.
While we are in the heart of the holiday shopping season, it doesn’t mean it’s too late to improve your web security. Taking these four steps help ensure that your eCommerce website runs smoothly throughout 2019.
To learn more about how we meet our customers’ online security needs during the holiday shopping season, and all year long, click here.