Monday, July 9, 2012

5 Lessons from the LinkedIn Password Hack for Online Retailers

Whether it’s clicking on spam links or using “1234” as a password for both Twitter and banking, online merchants will always have to be mindful of consumers’ impressive ability to jeopardize their own information. It’s man against the machine. As merchants try to stay one step ahead with the latest security tools, it can be frustrating when customers unwittingly play into the bad guys’ hands.

We gained some valuable insight into this world of user-based threats just this month, when over six million LinkedIn passwords were breached and posted online. As it turns out, there were hundreds of duplicate passwords and patterns, most having to do with the site’s theme – ‘link’, ‘work’ and ‘job’ were all among the top five.

What retailers need to realize is that strong password management doesn’t just mean protection for customers. It also affects your bottom line – protecting your business from fallout in the event that a customer’s account is hacked.

So how can you, as an online retailer, help customers help themselves?

1. Be proactive and warn of “phishy” emails

One of the most surefire ways to get hacked is by clicking on malicious links in email. Email is ridiculously easy to forge, and links are easy to manipulate and redirect. Does your address bar read “ebay.com” or “ebayy.com”? Most consumers won’t think to check. This can become a serious problem for online companies, as LinkedIn now knows all too well. Hackers are quick to exploit news of a breach by crafting phishing emails – phony messages that mimic the language and style of your company’s messaging to extract sensitive information.

Help teach your customers security best practices by example – never send or request private information via email, including passwords or identity verification. Remind your customers of these security measures in the emails you do send, helping to decrease the likelihood that a malicious actor can leverage your content for a phishing attack.

2. Follow the news

When a crisis occurs that could affect your customer base, let them know! Staying on top of the latest news and keeping your customers up-to-date isn’t just about password protection – it’s also about customer service. Looking out for your customers is the hallmark of great service both on and offline, and providing security insight is one way to build trust and loyalty for your online presence.

3. Be an educator

Retailers need to lead by example. Customers don’t always know how to create a strong password, and they don’t always understand why using different passwords for different sites is so important. Educate your customers by encouraging a password that contains a combination of uppercase and lowercase letters, numbers, and symbols with a minimum length – and let them know why. A general industry trend is to include a clause during sign-up that shares your company’s security policy, or a widget that rates their password strength from weak to strong.
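
A strength rater of the kind described above, as an added example (not code from the original post): it applies the character-class and minimum-length guidance and also flags site-themed words such as the ‘link’, ‘work’ and ‘job’ patterns seen in the LinkedIn passwords. The minimum length of 10, the substitution map and the names `ratePassword`, `normalize` and `SITE_WORDS` are assumptions.

```javascript
// Added example: rate a sign-up password as weak / fair / strong.
// SITE_WORDS and MIN_LENGTH are assumptions; set them for your own store.
const SITE_WORDS = ["link", "work", "job"]; // site-themed words from the LinkedIn list
const MIN_LENGTH = 10;                       // assumed minimum length

// Undo common character substitutions so "l1nk" and "w0rk" are still caught.
function normalize(password) {
  const map = { "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                "7": "t", "@": "a", "$": "s", "!": "i" };
  return password.toLowerCase().replace(/[013457@$!]/g, (c) => map[c]);
}

function ratePassword(password, siteWords = SITE_WORDS) {
  const reasons = [];

  // Composition guidance from the article: length plus four character classes.
  if (password.length < MIN_LENGTH) {
    reasons.push(`shorter than ${MIN_LENGTH} characters`);
  }
  const classes = { lowercase: /[a-z]/, uppercase: /[A-Z]/,
                    number: /[0-9]/, symbol: /[^A-Za-z0-9]/ };
  const missing = Object.keys(classes).filter((k) => !classes[k].test(password));
  if (missing.length) reasons.push(`missing: ${missing.join(", ")}`);

  // Lesson from the breach: words tied to the site's theme are guessed first.
  const plain = normalize(password);
  const themed = siteWords.filter((w) => plain.includes(w));
  if (themed.length) reasons.push(`site-themed word: ${themed.join(", ")}`);

  // One repeated character, or a well-known keyboard/number run at the start.
  const patterned = /^(.)\1+$/.test(password) ||
                    /^(0123|1234|abcd|qwer)/i.test(password);
  if (patterned) reasons.push("repeated or sequential pattern");

  // Themed words and patterns are weak no matter how the characters are mixed.
  let rating = "strong";
  if (themed.length || patterned || reasons.length >= 2) rating = "weak";
  else if (reasons.length === 1) rating = "fair";
  return { rating, reasons };
}
```

`ratePassword("L1nkedIn2012!")` satisfies every composition rule yet is rated weak because of the themed word, which is the case a character-class check alone would miss.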

4. Easy password recovery

One of the highest-cost elements of customer service is dealing with lost passwords, and this will certainly become an issue if your company recommends password complexity. It’s like locking yourself out of your house or apartment – it may not happen often, but it happens to everyone. Your site must have a simple, secure and straightforward procedure for managing customer passwords that will make them easy to retrieve on demand. Once customers know that their password information can be securely and easily recovered, they’ll be more likely to choose a variety of complex passwords across accounts – increasing their overall security.

5. Security from the inside out

By implementing a trusted website vulnerability scan like the McAfee SECURE™ service, you can proactively protect your business with daily scanning that checks for thousands of vulnerabilities that could lead to security breaches. A breach can be devastatingly expensive, especially for small retailers, when you take into consideration legal fees, call center expenses and lost employee productivity. When you add in the impact on brand image and the loss in customer confidence, this fallout could literally end your career as an online retailer – a fate no business should take lightly.

Unlike most consumers, retailers have a responsibility not only to themselves, but to the entire eCommerce community. It’s up to you to educate and protect your customers, which will in turn boost trust in online retail as a whole.


By Nancy Levin