If worries about holiday sales figures weren’t enough, IT experts are recommending business owners take a more vigilant and aggressive approach to data security this holiday season (and beyond) to protect customers’ sensitive data and to assuage their fears about being victimized by cybercrime.

Businesses face tremendous pressure to keep transactional data safe, especially with the steady increase in online shopping and spending. As John Gossels, the president of SystemsExperts, an IT security and consulting firm, observes, “In addition to traditional merchandizing challenges, they now have to worry about whether their IT infrastructure is up to date and can handle the load securely [and] Merchants of all sizes need to plan for it strategically and programmatically.”

Preparing well before the Black Friday/Small Business Saturday/Cyber Monday launch, and the rest of the holiday shopping season, is of paramount importance and the most effective tactic. Gossels notes that protection and security are year-round efforts, but planning and timely execution are the cornerstones of data security, and he offers an outline of steps businesses can take.

Before anything else, he says, check compliance with PCI-DSS (Payment Card Industry Data Security Standards). Websites and back-end systems must be in compliance and able to handle the increased transactional volume of the holidays. And although the shopping surge looms just around the corner, Gossels believes this is a good time to initiate a yearlong program to ensure system security.

  • Firstly, make sure your current software and technology are operating as they should, and identify and install any critical patches that are needed and have been released. Once you know your current systems are up to date and functioning properly, refrain from installing any new technology or software until early next year.
  • Secondly, after the season and early in the new year, conduct a complete review of your system, evaluating enhancements and system architecture; this should include a compliance review as well.
  • Thirdly, beginning in late spring or early summer, launch and test all upgrades and changes to the website and all back-end systems, with particular attention paid to how well they function in multiple scenarios.
  • Fourthly, and no later than early fall, begin regular security testing and PCI compliance reviews.
  • Lastly, before November of next year, make sure all problems and issues uncovered during testing and review have been corrected – all security patches are installed, and problems with capacity have been corrected. Then, make sure all employees are trained on how to use the system and its resources.

Establishing this routine as a regular part of your operations will help protect you and your customers from security breaches by hackers.


Fallon, Nicole. “Keeping Your Business Data Safe From Holiday Hackers,” Business News Daily. November 13, 2014.