Flip through any of today’s leading industry magazines or websites like PPAI’s PPB or ASI’s Promogram and you are sure to run across an article or two regarding cyber security, data protection, or a new virus or malware that is targeting our industry. In today’s always connected world it’s time to start understanding online security and what you can do to keep you and your client’s information safe and secure.
This blog post is split into 2 parts for easy reading or skimming. The first part goes over how BrightStore’s keeps your information safe and secure. The second half of the blog covers things you and your company can easily implement to help keep information safe on your end.
Part 1: BrightStores & Company Store Security
Great security never comes as an afterthought, it needs to be incorporated into the very foundation of your program and online store. To keep your store secure, our production server is hosted on a custom designed private cloud at Flexential datacenter in Pennyslvania known for unsurpassed service, reliability, security, and redundancy. Each server has the ability to operate indefinitely during a power failure and have two Security Operations Centers or SOC’s on standby 24/7. For added security we employ a “deny all, allow” strategy which let’s us control the specific types of network traffic allowed into and out of our systems. Think of it as your gatekeeper.
To keep your information secure we also have:
- – Multiple Firewalls
- – Intrusion Detection/ Prevention Systems (IDS-IPS)
- – WAF (Web Application Firewall)
- – 24 hour online Help Desk
- – Video Surveillance
- – Round the Clock Manned Security
- – Multitude of Physical Security Features
Security is an Ongoing Process
It’s important to continuously monitor the system you put in place. If not you, leave it open to new threats.
At BrightStores, we utilize a security scanning system to monitor and provide us with details of potential weak points within our software and system setup. We also regularly update the operating systems and software that Bright Sites runs on top of by:
- – Reviewing our system and security logs on a regular basis.
- – Patching our operating system (OS) and supporting applications every weekend.
- – Updating applications for bug fixes and security patches once a month or as needed.
Encryption: Usernames, Passwords, and Other Information
We use encryption to add another layer of security and to make passwords illegible which is why our Support Team isn’t able to retrieve passwords for you and your clients when lost or forgotten.
When information is “in transit” meaning it’s passing from your computer to our server, we use TLS 1.2. You’ve probably never heard of TLS but I bet you’ve heard of SSL. SSL or Secure Sockets Layer is what creates a secure connection between your computer and an outside server. While SSL has been standard for years, it’s being replaced by TLS or Transport Layer Security which is very similar but has stronger encryption.
Credit Card Information
Credit card information is another type of information that hackers desire. So just how safe is your shopper’s information when they checkout with a credit card in your store? Extremely safe. There is no point in the checkout process where BrightStores has the ability to view the credit card information, not even as your shoppers are typing it in. All of our stores use Spreedly to help our stores safely communicate with whatever payment gateway you chose to integrate with.
Spreedly is a Level 1 PCI Compliant Company that uses an iFrame Payment Form to securely capture and collect the credit card information at checkout. It then returns a tokenized payment method to your store when the payment has been successfully submitted.
Part 2: How You Can Keep Your Information Safe
Realistically speaking, your online information is never going to be 100% safe. It’s a constant battle and hackers are great at finding new ways around security protocols, which makes it critical to be prepared and agile. Below are four things you can implement today to help keep your information safe and lesson the potential damage of an attack.
You may already have an employee training program in place at your company but if not, now is the time to put one into place. Create a formal training program for all employees with an emphasis on cyber security. Part of this training should include access to company wide security policies and procedures. That way if an employee has questions on how to handle a specific situation or whether they need to check with IT before downloading something, they can easily access these document to find the answers.
Be sure to enforce any policies you and your team have put into place. Afterall, policies are only effective when they are follow through. Be prepared and have a plan in place for what to do if a situation does arise or a policy is broken.
Install Anti-Malware Software
Many people assume that anti-virus and anti-malware are synonymous with each other but there are some major distinctions. According to Ioana Rijnetu’s article, Antivirus versus Anti Malware: Which One Should I Choose? published by Heimdal Security, malware “works as an umbrella term that refers to software that is defined by malicious intent.” Whereas, “a computer virus is a piece of software capable of self replication that can harm computers and information systems.”
To make this easy to understand think of malware as a criminal. You don’t know what type of criminal or what they are capable of but you know their intent is impure. A virus on the other hand is more like a burglar. You know what type of criminal they are and that they specialize in breaking and entering. They will most likely be after any valuable assets that you own like jewelry or cash.
You can install an antivirus, anti-malware, or both but the latter will give you the most extensive protection as it will look for a much wider variety of attacks and includes multiple layers of security. Let’s face it…just like parfaits, the atmosphere, and passwords some things are just better with layers. Which brings us to number 3…password management.
Trust me, we get it. No one has the brain capacity to remember every single password but that is no excuse to keep using the same iteration of your go to password for anything and everything. There are a million and one password managers available online like Google Passwords, Dashlane, and more. What makes these password managers so great? Well for starters they keep your username and passwords safe but they also help you come up with super secure passwords and will oftentimes notify you when one of your passwords may be at risk.
If using a password manager gives you anxiety and you prefer using an old school method simply keep a notebook or record of your passwords and store that in a secure lock box near your computer or somewhere you won’t forget.
Lastly, Read your Emails Carefully
Managers used to be able to tell employees to use common sense when going through email. Unfortunately, cyber criminals have gotten so crafty that sometimes even the most trained eye has a hard time spotting impostor emails. Nowadays it is a smart practice to give each and every email you receive a thorough review before taking any action.
Be sure to look closely at the senders email address. Does the address match other emails you have received from that individual or organization. Sometimes a simple “s” at the end of an organization name can be enough for someone to glance and give an impostor email the okay or vice versa. For example, all of our organization emails end in @brightstores.com but what if you received an email from firstname.lastname@example.org with an invoice attached, would you notice the difference while scrolling through your inbox?
If the email contains an invitation, attachment, or link ask yourself if you were expecting to receive that request or information before taking action. If you have any doubts about the email, it’s contents, or anything else don’t ever hesitate to contact your IT person. If the email is from an individual that you are familiar with but weren’t expecting anything from them, go ahead and reach out to that individual in a separate email or phone call to double check.
At the end of the day, security is complex but that doesn’t mean it has to be complicated. If we all start thinking about privacy as a serious matter, including simple steps like creating secure and unique passwords, we can become agile and adapt to whatever situation may arise.
Joshua – Director of IT, BrightStores