You’ve just plopped down in your favorite chair after a big Turkey Day meal. Your first “real break” in months. Your only intention today is to relax because you know the next five weeks (from CyberMonday through New Year’s) will be non-stop, chaotic “fun” for your new online business.
Just as your head tips back and your mind wanders off to dream about the great momentum strong holiday sales will provide for your new enterprise, the phone rings. It’s your Web site developer. The news is not good. Somehow, someone has compromised your site’s customer database and taken critical customer data, like credit card information.
What you do in the next 48 hours will be critical to getting your business back online, on track, and on safe ground. Two things to remember: Transparency and Communication. It’s not just about restoring your Web site to a secure state but also about restoring your customers’ confidence to continue to shop with you.
Step 1: Announce and Assess (Timeframe: Immediately – 12 hours after the breach is discovered)
Immediately, get your site offline. Google has some specific recommendations regarding the best way to accomplish this.
Customers appreciate being notified as soon as possible, and they would rather hear it from you first. Plus, being the first to report the cyber crime lets you control the message. Concurrently, make a general public statement about what has happened and instruct all individuals (or companies) who have done business with your company to monitor their credit report and banking statements for inconsistencies.
Deliver the statement to all concerned parties via email and make sure to train all customer-facing representatives with the appropriate dialogue. Here’s a concise and effective example from Balmar Incorporated.
Step 2: Conduct a Deeper Investigation (Timeframe: 12 hours – 36 hours+)
Computer forensic auditors, PCI representatives, governmental agencies, and others may be involved in the process depending on the nature of your business.
Start by interviewing all personnel responsible for securing your environment and find out if they are aware of any known vulnerabilities. Next, begin reviewing log files with the following specific goals in mind: identifying the date(s) of the breach, how many customers were compromised, and what information was stolen.
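As an added illustration (not part of the original article), the following Python sketch shows how a log review can answer those three questions at once. The audit-log format, the field names, and the suspect IP address are constructed assumptions; a real review would adapt the parser to whatever your application and web server actually record.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in a hypothetical application audit-log format:
# timestamp  source_ip  account  action  customer_id  fields
SAMPLE_LOG = """\
2023-11-20T09:14:02Z 10.0.0.5 support01 read_customer 1001 name,email
2023-11-21T02:41:17Z 203.0.113.7 webapp export_customer 1001 name,email,card_number
2023-11-21T02:41:18Z 203.0.113.7 webapp export_customer 1002 name,email,card_number
2023-11-22T03:05:44Z 203.0.113.7 webapp export_customer 1003 name,card_number,card_expiry
2023-11-22T03:05:45Z 203.0.113.7 webapp export_customer 1002 name,email,card_number
2023-11-22T10:30:00Z 10.0.0.5 support01 read_customer 1004 name,email
corrupted line that should be counted, not silently dropped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<account>\S+) (?P<action>\S+) "
    r"(?P<customer>\d+) (?P<fields>[\w,]+)$"
)

def summarize_breach(log_text, suspect_ips):
    """Answer the three review questions for events from suspect sources."""
    dates, customers, fields, unparsed = set(), set(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1  # gaps in the evidence matter; report them
            continue
        if m["ip"] not in suspect_ips:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        dates.add(ts.date().isoformat())          # date(s) of the breach
        customers.add(m["customer"])              # distinct customers touched
        fields.update(m["fields"].split(","))     # what information was read
    return {
        "breach_dates": sorted(dates),
        "customers_affected": len(customers),
        "fields_exposed": dict(fields),
        "unparsed_lines": unparsed,
    }

if __name__ == "__main__":
    # The suspect address is an assumption: it would come from the investigation.
    print(summarize_breach(SAMPLE_LOG, {"203.0.113.7"}))
```

Counting distinct customer IDs rather than log lines keeps repeat access to the same record from inflating the number you report, and the unparsed-line count tells the forensic team how much of the log could not be examined.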


