The winter holidays offer big potential for retailers, with some companies earning around 30 percent of their annual revenue during the season, according to the National Retail Federation. Big sales numbers, however, also drive increased risks of fraud and theft, and businesses are now spending on extra security measures to keep physical stores safe.

But this is only half the battle. With retail stores moving online and hiring seasonal staff to bridge the holiday gap — not to mention handling employees who are more focused on holiday breaks than network breaches — it’s worth taking stock of retail security hygiene and revisiting how to protect consumer data from opportunistic cybercriminals.

Here’s how a seasonal hygiene checkup can help mitigate three top retail risks.

Fight E-Commerce Fraud During the Holiday Season

Online fraud jumps during the holiday season. As reported by PYMNTS, while total transactions rose 19 percent, online fraud increased by 22 percent from Thanksgiving to the end of 2017. There’s no single point of fraud failure across retail e-commerce stores, but threat actors continue to prioritize phishing emails as the primary point of compromise. If attackers can convince customers or employees to open attachments or follow malicious links, both purchase fraud and network infection are possible.

So how can companies assess their current security hygiene around e-commerce? It starts with simple questions: What do common attacks look like? What are the likely threat vectors? What are the potential costs? If retail organizations aren’t sure of the answers, they’ve got work to do. As U.S. Attorney Erin Nealy Cox wrote in Forbes, companies should create common threat profiles that allow IT teams to focus on vulnerable areas and develop specific countermeasures.

Simple processes — such as locking accounts after multiple failed login attempts and putting a limit on multiple purchases made over short timespans — can help, but it’s also a good idea to leverage automated, real-time fraud detection solutions to help identify attack patterns and reduce total risk.

Seasonal Staffing Concerns

To handle seasonal crowds without compromising customer service, many organizations hire extra staff during the holidays. According to Retail Dive, experts predict that retailers will bring on 650,000 seasonal employees to help offset consumer demand this year. To do their jobs, seasonal workers need access to point-of-sale (POS) networks, checkout systems and any mobile applications used by the company. This is the next hygiene shortfall for many companies: Hiring new employees without effective security onboarding and offboarding.

Consider a staff member who receives access to POS systems that are connected to back-end corporate networks. Inadequate training has them leaving sessions open and sharing passwords with co-workers, while minimal offboarding means they may retain login details and/or remain on internal permissions lists. As noted by Channel Partners Online, better security in this case starts with segmentation: POS and other sales systems should always be logically separated from other network services to prevent unintentional — or malicious — compromise.

Identity and access management (IAM) tools are also critical. IT teams need a way to control access for all retail workers — even those employed for only a few months — at a granular level to help protect consumer financial data and corporate intellectual property (IP). By assigning seasonal workers access roles with privileges that allow the completion of day-to-day tasks but don’t permit extraneous activity, retailers can boost both in-store and online security. Additionally, IAM solutions make it easy for network administrators to remove seasonal accounts and privileges when the holidays are over.

How to Protect Consumer Data From Insider Threats

No seasonal security checkup is complete without taking stock of internal employee risks. While Security Magazine noted that 75 percent of these insider threats are accidental, they’re no less risky to retail bottom lines, especially if users accidentally give threat actors complete access to network resources.

Improving security starts with a look at employee time off. Are workers putting in extra hours, pulling double shifts or working straight through the holidays? As noted by Harvard Business Review, 94 percent of employees who take time off for vacation come back to work with more energy and a better outlook. This may not be possible for retail companies during the holiday season, in turn lowering productivity and putting organizations at risk. It’s also worth assessing the number of employees working from home. As the holidays approach and weather gets worse, more and more employees may opt for home offices instead of slippery commutes. But are they logging into network services safely?

The first step for better internal security is to implement two-factor authentication (2FA). This practice helps reduce the chance of accidental logins and limits the ability of threat actors to compromise networks if less-than-productive employees have clicked on infected links or opened malware-laden attachments. It’s also a good idea to invest in virtual private networks (VPNs) and other network safeguards to help prevent bad actors from eavesdropping on remote workers. Email management solutions, meanwhile, can prevent messages with sensitive attachments from leaving secure corporate environments.

Give the Gift of a Security Hygiene Checkup

With the winter holiday season already upon us, retail companies would be wise to conduct a quick, but thorough security hygiene checkup. Start as early as possible to make it easier to identify key threats across e-commerce systems, seasonal staffing policies and employee behaviors. Then, develop a formal process to address these issues and improve security outcomes. This prevents security best practices from sitting on a shelf while retail risks rack up, and provides a blueprint for technology deployment and implementation.

Listen to the podcast: Examining the State of Retail Security

More from Data Protection

Data Privacy: How the Growing Field of Regulations Impacts Businesses

The proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond to current challenges. Take a look at upcoming trends when it comes to data privacy regulations and how to follow them. Today's AI Solutions On April…

Defensive Driving: The Need for EV Cybersecurity Roadmaps

As the U.S. looks to bolster electric vehicle (EV) adoption, a new challenge is on the horizon: cybersecurity. Given the interconnected nature of these vehicles and their reliance on local power grids, they’re not just an alternative option for getting from Point A to Point B. They also offer a new path for network compromise that could put drivers, companies and infrastructure at risk. To help address this issue, the Office of the National Cyber Director (ONCD) recently hosted a…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

How the CCPA is Shaping Other State’s Data Privacy

Privacy laws are nothing new when it comes to modern-day business. However, since the global digitization of data and the sharing economy took off, companies have struggled to keep up with an ever-changing legal landscape while still fulfilling their obligations to protect user data. The challenge is that there is no one-size-fits-all solution regarding data privacy's legal requirements. Depending on the location and jurisdiction, data privacy laws can vary significantly in terms of scope and enforcement. But while the laws…