Ah, Thanksgiving: Turkey, football, and rampant consumer madness.
The day after Thanksgiving, known as Black Friday, kicks off the holiday shopping season with a bargain-hunting bang. Its online counterpart, Cyber Monday, follows on its heels. And the shopping won't really stop until the end of December. It's a most wonderful time of year for consumer retailers and other businesses that earn the lion's share of their annual revenue during a few frenzied weeks.
"One credit card processor we work with does nearly 35% of its annual dollar volume this time of year and 20% of its total transaction volume, which is tens of millions of card swipes," said Stratus Technologies CEO Dave Laurello. "Just minutes of downtime could be disastrous financially and to its reputation."
Indeed, these traffic surges should be a boon for the balance sheet -- but they can quickly become a bane if service disruptions or full-blown site outages occur. Black Friday is an obvious traffic driver, but similar spikes can take place throughout the calendar. They're often the result of predictable events such as holidays, new product launches, advertising campaigns, and seasonal factors.
Here are five ways small and midsize businesses (SMBs) can help prevent website problems during such high-volume periods.
1. Don't Get Caught Unprepared.
Unlike natural disasters and other uncontrolled causes of IT havoc, many traffic surges -- like Black Friday -- are quite predictable. Online merchants generally expect to see a 200% increase in organic traffic over the Thanksgiving holiday weekend, according to CorraTech COO Michael Harvey. Traffic might temporarily spike 800% or more if the marketing team runs a successful Black Friday program. Advance preparation is a must.
"Obviously, planning is key," Harvey said. "It's very important to define clear roles and responsibilities and escalation paths in the event that any problems crop up."
For lots of SMBs, such planning needs to involve both internal and external groups, such as the in-house IT team, an external Web hosting firm, and the development firm that implemented the e-commerce engine. Regardless of your specific scenario, make sure resource assignments are clear for monitoring, troubleshooting, and related tasks. Harvey suggested authorizing key personnel at the appropriate vendors to proactively solve problems as they arise, rather than waiting for approval. An example: Enable the third-party development firm to open or escalate trouble tickets directly with the Web host.
Communication is critical among internal teams, too. If the marketing department is running Black Friday or similar promotions, the IT team needs to be in the loop. "It is vital for the technical team to know exactly when such a promotion is unveiled to the public, and all eyes need to be carefully monitoring system performance," Harvey said.
2. Watch Out For The Bad Guys.
Shoppers aren't the only ones out over the Thanksgiving holiday. "Cybercriminals mark their calendar and look to capitalize on the online shopping frenzy through fake sites and scams masquerading as 'special' promotions," said Kevin Haley, director of Symantec Security Response.
The same can hold true for just about any other high-profile holiday, event, or other traffic driver -- online crooks follow the money. Haley advised securing your customers' entire website visit via Secure Sockets Layer (SSL), also known as Hypertext Transfer Protocol Secure (HTTPS), rather than just certain portions of the site such as checkout.
Further, he recommended using the "green browser bar" that comes with Extended Validation SSL Certificates to reassure consumers that yours is a legitimate site. Lastly, use automated malware scans and vulnerability assessments to prevent and detect website threats. A malware infection or other breach could cause both Web browsers and search engines to blacklist your site, among other major problems.
3. Consider Dialing Down DoS Defenses.
There's one security practice that can backfire during the holiday shopping craze: defenses against denial of service attacks. "The volume thresholds that keep your site protected the rest of the year may be too low to handle a welcome holiday Web spike," said KEMP Technologies chief scientist Jon Braunhut. "Ease up on those controls until the New Year." (Just don't forget to dial them back up in 2013, of course.)
4. Compress For Success.
Braunhut also advised Web content compression as a best practice that becomes particularly useful during high-volume periods such as the holiday shopping blitz. It can both lower bandwidth costs and improve site performance. "If you're going to be running anywhere close to your Internet circuit capacity during the onslaught of holiday traffic, this nice-to-have option will quickly turn into [a] must-have," Braunhut said.
5. Lock Everything Else Down.
When you know a surge in activity is coming, don't schedule other major projects for the same time period. The conventional wisdom surrounding major traffic events such as Black Friday is to go into lockdown mode. "[That means] no configuration changes, no new technology deployments or applications launched, nothing to disrupt a steady state," Stratus' Laurello said.
Let the bottom-line stakes make your business case for IT lockdown. That shouldn't be too difficult if your site does a huge chunk of its entire year's revenue during the holidays or any other specific stretch of time. You can at least ballpark the cost of a slowdown or outage based on your historical sales. Technology lockdown helps reduce the risk of system errors. It can also help keep that other major variable -- people -- in check.
"It’s a toss-up whether most downtime is caused by systems failure or human error. In our experience, the two often go hand-in-hand," Laurello said. "Either way, erecting an invisible fence around the IT infrastructure as the shopping season nears can improve your chances of surviving these crucial days unscathed."