It's happened. Black Friday weekend, stretching into Cyber Monday, has been and gone and we're all still here to tell the tale.
Amid some seriously good value deals, and some less good value deals (check Camel Camel Camel before you buy), there have been a lot of petrified retailers in the last week or so.
That's because Black Friday can be as damaging as a DDoS attack if you're not prepared for it: around 23 million UK consumers were planning to hit the shops in person or online this weekend to find the best deals. If the traffic is too much for your servers to cope with, your site may well crash as a result.
Nobody wants that. It leads to plenty of frustrated shoppers angrily hitting the refresh button on their mobile or desktop. But the longer reputational damage is worse -- why would people come back if your site doesn't work?
If you weren't quite prepared for this year's Black Friday sales, luckily we have some tips so you'll be better equipped next year.
Get started early
And we mean early. The Entertainer's IT director, Sue Dorkin, met with her infrastructure providers in March 2013 to plan for peak traffic throughout 2014. That involved evaluating the website's infrastructure for weak spots and working to strengthen them by running thousands of fake customer journeys through the live site, till the website was straining under the load.
"Don't test in a test environment that doesn't emulate your live environment because it will never give you the same answer," she said at the time.
Spin up extra servers to cope with demand
Depending on whether you have a flexible cloud provider or not, you can mitigate the extra demand by scheduling more servers in advance. Of course, it's expensive to run these all the time, so ideally you want to be able to provision these servers while looking at a map of this year's busiest times, and plan accordingly. You'll need a provider who's capable and scaling your infrastructure up and down as necessary, though.
Javvad Malik, security advocate at cyber attack expert AlienVault, said: "Having 10,000 legitimate customers hitting a website will have a similar impact as a DDoS attack, except the customers are genuine. Therefore, similar measures can help prepare for the onslaught of traffic. These can include spinning up extra cloud instances or temporarily upgrading the infrastructure to deal with the larger volumes."
Don't forget Point of Sale systems
While you strengthen your website, don't forget about your physical store security. By nature, PoS devices are easier to target simply because they are in a physical location, making it easy for a good hacker to install malware.
"The malware used to target PoS devices scrapes the details of every card that passes through the payment machine and can even record PIN numbers," warned Matt Aldridge, solutions architect at Webroot. "Ahead of Black Friday retailers need to run regular virus checks, make sure the PoS software is up to date and ensure the devices are not left unattended to minimise the chance of being successfully targeted."
Phishing campaigns
Don't forget that your staff want to go shopping too. Just like your customers, they will be keeping their eyes open for good deals, and this means they become easy targets for phishing emails designed to use them as a gateway to your corporate systems.
Business telephony firm Beaming's MD, Sonia Blizzard, said: "Clicking on one erroneous link can expose a business, its entire network and everyone they trade with to greater risk of data theft and computer viruses, the bills for which can be enormous.
"Employers can use Black Friday and Cyber Monday as an opportunity to educate their people. They should have honest conversations about cybersecurity, encourage people to speak up if there is any possibility of a breach and create goodwill by allowing staff to shop online during breaks, something we recommend is done away from their desks."
