MARKETING
6+ Cybersecurity Tips To Protect Your Customers During Holiday Shopping
As the pervasive shadow of Covid-19 recedes and slowly becomes a memory, many of the technologies and protocols we developed during that time remain. Global eCommerce retail sales have always grown year over year. However, these figures have been boosted as more consumers have adopted online shopping and abandoned traditional brick-and-mortar stores.
With more shoppers online, cybercriminals are sure to become bolder and more opportunistic too. While consumers must practice proper cyber hygiene and protect themselves on the internet, eCommerce store owners are also responsible for ensuring that shoppers’ private information stays safe.
But how? What steps should you take to protect your customers during the holiday shopping season? This guide will share six cybersecurity tips you can implement starting now.
Why Is Cybersecurity Crucial for the Shopping Season?
A 2021 Verizon report revealed that 46% of all cyber breaches impacted small businesses. Due to the high cost of a breach in the form of fines and damage to their reputation, many of these businesses are now facing bankruptcy.
However, the most alarming statistic is that over a quarter of small businesses collecting credit card information have subpar cybersecurity or no security at all. With cyberattacks forecasted to spike during this holiday shopping season, eCommerce store owners must pay attention to their cybersecurity measures as much as they do to their marketing campaigns. But what should you look out for?
Most Common Cyberattacks Affecting eCommerce Businesses
The most common attacks today include:
- Account takeover (ATO): Cybercriminals use stolen usernames and passwords to take over accounts. For eCommerce stores and businesses, this could be employee or administrative credentials to log into servers or client machines. Once the bad actor breaches the company’s network, they can gain access to the databases where confidential customer information is kept. They can then steal this information, sell it to the highest bidder or use it for nefarious purposes.
- Gift card and wallet fraud: There are numerous ways cybercriminals and fraudsters can initiate these types of exploits. They can hack into a company’s gift card database and scrape card and activation numbers. Alternatively, they can tamper with physical gift cards or attempt to use gift card number generators. Your business must be mindful of this potential entry point.
- Inventory exhaustion: Some online stores remove the item from the available inventory when customers add it to their shopping cart. This reserves the item for them, so it’s still available when they finally check out. Cybercriminals can use bots to initiate a hoarding attack. A bot will constantly add items to a shopping cart to create the illusion that it is out of stock. This denies the sale of the item for petty purposes or so that the bad actor can purchase it themselves when they can afford to.
- Bandwidth choking (DDoS attacks): Distributed denial-of-service (DDoS) attacks are one of the oldest tricks in the book. This is where a bad actor floods a website or web service with network traffic to overload and crash it. It can happen to small online stores too.
- Content scraping: Cyberattackers may use bots to extract or copy all of your website’s content that they can use maliciously. For instance, they can duplicate your website and divert organic traffic from it, then use your website’s clone to steal information from your customers.
Cybersecurity Tips To Protect Your eCommerce Customers
So how can you protect your company and customers from the above attacks this coming holiday season?
1. Enforce Strong, Unique User Passwords
Many eCommerce stores require users to create accounts before they can make purchases. A 2021 GoodFirms survey found that 30% of breaches could be traced back to weak password policies and practices. Generally, the less complex a password is, the more susceptible it is to brute-force attacks. Your business must enforce strong password policies both internally (employees and administrators) and externally (customer profiles).
Here are a few characteristics of a strong password:
- Unique and different from your other login credentials
- Uses a mixture of uppercase and lowercase letters, symbols, and numbers
- At least eight characters long
- Does not contain any personal information, such as dates of birth or names of relatives/pets
Using strong passwords is one of the most important cybersecurity tips, and it’s critical that your business enforces this policy. It is also recommended that users (both your customers and employees) utilize a password manager.
2. Establish Cybersecurity Policies
Good cybersecurity awareness can thwart most exploits initiated by bad actors. Being able to identify fraudulent links and other phishing exploits is more valuable than trying to find a software solution that addresses all your cybersecurity concerns.
You and your employees must be updated on the latest cybersecurity practices and protocols. Consider hiring an expert who can walk you through the best practices. Your cybersecurity policies should be informed by the data privacy rules and regulations of the territories your business operates in. For instance, if you’re operating in the EU, you must be educated on the GDPR. If you’re operating within California, you should understand the rules of the California Consumer Privacy Act.
Any business that deals with payment information and credit cards must ensure that it is PCI-DSS compliant. The official PCI security standards council site has a list of guidelines to help companies keep confidential customer data as safe as possible.
3. Implement Additional Authentication
Concepts such as two-factor and multi-factor authentication have become extremely popular in recent years. Multi-factor authentication means requiring a further form of verification on top of the user’s credentials. For example, after a user enters a username and password, you may choose to verify the login attempt through an email link or a one-time code sent to the user’s phone.
4. Only Store Customer Data That You Need
Guidelines and regulations such as the GDPR don’t specify a time limit for how long you can keep a customer’s personal information. However, it’s important that you only store data that you need to provide services to the customer for as long as you need it.
It’s also important that you segment databases and data according to their importance. Credit card and payment information should be kept separate from general customer information and your business information. All data must be placed in secure encrypted databases.
5. Employ a DDoS Mitigation Solution
DDoS and other bot-related attacks can be mitigated through the right solution. However, you should first ensure that you have a disaster recovery site in place. If your attacker manages to shut your site down, you can roll the traffic over to a recovery site. Of course, this doesn’t always work, especially if the attack is DNS based.
Alternatively, you can purchase a dedicated server to prevent DDoS and bot attacks. Sometimes, your ISP or cloud provider may offer integrated DDoS protection. Do not hesitate to add this feature to the list of services. While bot-mitigating solutions such as CAPTCHA have been shown to decrease conversion rates, they’ve been proven to be somewhat effective against spam and bot attacks.
That said, cybercriminals have begun using more sophisticated tactics, such as machine learning, to circumvent CAPTCHA checks. With cloud-based platforms and integrated memory systems being the driving force of machine learning adoption, more cybercriminals will have access to these tools.
As such, it’s important to implement a multi-channel mitigation solution. For instance, your mitigation solution should be able to detect any suspicious traffic coming from a visitor’s IP address. It should also be able to track any questionable customer activity, such as adding items to carts but not checking out.
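The cart-tracking check described above, sketched as an added example (not code from the original article): it groups storefront events by visitor IP and flags clients that hold a large share of an item's stock in their cart without checking out. The log format, SKUs, stock levels and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "timestamp ip action sku qty". The log format, the
# SKUs and the thresholds are assumptions; IPs are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-11-29T08:00:00 198.51.100.7 add_to_cart SKU-CONSOLE 3
2024-11-29T09:00:05 198.51.100.7 add_to_cart SKU-CONSOLE 3
2024-11-29T09:00:40 198.51.100.7 add_to_cart SKU-CONSOLE 3
2024-11-29T09:01:15 198.51.100.7 add_to_cart SKU-CONSOLE 3
2024-11-29T09:01:50 198.51.100.7 add_to_cart SKU-CONSOLE 3
2024-11-29T09:02:25 198.51.100.7 add_to_cart SKU-CONSOLE 3
2024-11-29T09:03:00 203.0.113.20 add_to_cart SKU-CONSOLE 1
2024-11-29T09:06:30 203.0.113.20 checkout - 0
2024-11-29T09:04:00 192.0.2.44 add_to_cart SKU-MUG 1
2024-11-29T09:04:20 192.0.2.44 add_to_cart SKU-MUG 1
2024-11-29T09:04:40 192.0.2.44 add_to_cart SKU-MUG 1
2024-11-29T09:05:00 192.0.2.44 add_to_cart SKU-MUG 1
2024-11-29T09:05:20 192.0.2.44 add_to_cart SKU-MUG 1
"""
STOCK = {"SKU-CONSOLE": 20, "SKU-MUG": 500}  # units on hand (constructed)

WINDOW = timedelta(minutes=10)  # look-back from each client's latest event
MIN_ADDS = 5                    # add-to-cart events needed before flagging
MAX_STOCK_SHARE = 0.5           # fraction of a SKU one client may hold unpaid

def parse(log):
    """Yield (time, ip, action, sku, qty) tuples from the log text."""
    for line in log.strip().splitlines():
        ts, ip, action, sku, qty = line.split()
        yield datetime.fromisoformat(ts), ip, action, sku, int(qty)

def find_hoarders(log, stock):
    """Return {ip: {sku: units_held}} for clients reserving stock unpaid."""
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        latest = events[-1][0]
        recent = [e for e in events if latest - e[0] <= WINDOW]
        held, adds = defaultdict(int), 0
        for _, _, action, sku, qty in recent:
            if action == "add_to_cart":
                held[sku] += qty
                adds += 1
            elif action == "remove_from_cart":
                held[sku] = max(0, held[sku] - qty)
            elif action == "checkout":
                held.clear()  # the cart was paid for, nothing is held
                adds = 0
        over = {s: q for s, q in held.items() if q / stock[s] >= MAX_STOCK_SHARE}
        if adds >= MIN_ADDS and over:
            flagged[ip] = over
    return flagged

if __name__ == "__main__":
    print(find_hoarders(SAMPLE_LOG, STOCK))
```

Requiring both many adds and a large share of stock keeps a shopper who adds five mugs out of 500 from being flagged. Pairing the alert with a reservation timeout returns held stock to inventory even when a client is never blocked.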
6. Conduct Regular Software Audits
Your business should be employing all the necessary software tools to facilitate proper cybersecurity, including anti-malware solutions, firewalls, user account management tools, etc. You can hire a zero trust expert to help determine what software will suit your network infrastructure the best.
You also need to monitor your software stack and ensure that your operating systems, productivity/business software and cybersecurity software are all updated to the latest versions. This process can be made easier with cloud panels and workload automation software.
Conclusion
Many of the cybersecurity tips listed in this guide should be implemented regardless of the upcoming holiday shopping season. Nevertheless, your website and servers must be able to handle the usage influxes and traffic spikes that will be brought on by the holiday shopping season. One of the best ways to ensure holiday sales are not interrupted is to have multiple recovery sites to mitigate any downtime.
Next, your company must ensure that it’s up to date on the latest cybersecurity and network protection developments. You can only protect your customers if you protect yourself first.
YouTube Ad Specs, Sizes, and Examples [2024 Update]
Introduction
With billions of users each month, YouTube is the world’s second largest search engine and top website for video content. This makes it a great place for advertising. To succeed, advertisers need to follow the correct YouTube ad specifications. These rules help your ad reach more viewers, increasing the chance of gaining new customers and boosting brand awareness.
Types of YouTube Ads
Video Ads
- Description: These play before, during, or after a YouTube video on computers or mobile devices.
- Types:
  - In-stream ads: Can be skippable or non-skippable.
  - Bumper ads: Non-skippable, short ads that play before, during, or after a video.
Display Ads
- Description: These appear in different spots on YouTube and usually use text or static images.
- Note: YouTube does not support display image ads directly on its app, but these can be targeted to YouTube.com through Google Display Network (GDN).
Companion Banners
- Description: Appears to the right of the YouTube player on desktop.
- Requirement: Must be purchased alongside In-stream ads, Bumper ads, or In-feed ads.
In-feed Ads
- Description: Resemble videos with images, headlines, and text. They link to a public or unlisted YouTube video.
Outstream Ads
- Description: Mobile-only video ads that play outside of YouTube, on websites and apps within the Google video partner network.
Masthead Ads
- Description: Premium, high-visibility banner ads displayed at the top of the YouTube homepage for both desktop and mobile users.
YouTube Ad Specs by Type
Skippable In-stream Video Ads
- Placement: Before, during, or after a YouTube video.
- Resolution:
  - Horizontal: 1920 x 1080px
  - Vertical: 1080 x 1920px
  - Square: 1080 x 1080px
- Aspect Ratio:
  - Horizontal: 16:9
  - Vertical: 9:16
  - Square: 1:1
- Length:
  - Awareness: 15-20 seconds
  - Consideration: 2-3 minutes
  - Action: 15-20 seconds
Non-skippable In-stream Video Ads
- Description: Must be watched completely before the main video.
- Length: 15 seconds (or 20 seconds in certain markets).
- Resolution:
  - Horizontal: 1920 x 1080px
  - Vertical: 1080 x 1920px
  - Square: 1080 x 1080px
- Aspect Ratio:
  - Horizontal: 16:9
  - Vertical: 9:16
  - Square: 1:1
Bumper Ads
- Length: Maximum 6 seconds.
- File Format: MP4, Quicktime, AVI, ASF, Windows Media, or MPEG.
- Resolution:
  - Horizontal: 640 x 360px
  - Vertical: 480 x 360px
In-feed Ads
- Description: Show alongside YouTube content, like search results or the Home feed.
- Resolution:
  - Horizontal: 1920 x 1080px
  - Vertical: 1080 x 1920px
  - Square: 1080 x 1080px
- Aspect Ratio:
  - Horizontal: 16:9
  - Square: 1:1
- Length:
  - Awareness: 15-20 seconds
  - Consideration: 2-3 minutes
- Headline/Description:
  - Headline: Up to 2 lines, 40 characters per line
  - Description: Up to 2 lines, 35 characters per line
Display Ads
- Description: Static images or animated media that appear on YouTube next to video suggestions, in search results, or on the homepage.
- Image Size: 300×60 pixels.
- File Type: GIF, JPG, PNG.
- File Size: Max 150KB.
- Max Animation Length: 30 seconds.
Outstream Ads
- Description: Mobile-only video ads that appear on websites and apps within the Google video partner network, not on YouTube itself.
- Logo Specs:
  - Square: 1:1 (200 x 200px).
- File Type: JPG, GIF, PNG.
- Max Size: 200KB.
Masthead Ads
- Description: High-visibility ads at the top of the YouTube homepage.
- Resolution: 1920 x 1080 or higher.
- File Type: JPG or PNG (without transparency).
Conclusion
YouTube offers a variety of ad formats to reach audiences effectively in 2024. Whether you want to build brand awareness, drive conversions, or target specific demographics, YouTube provides a dynamic platform for your advertising needs. Always follow Google’s advertising policies and the technical ad specs to ensure your ads perform their best. Ready to start using YouTube ads? Contact us today to get started!
A deeper dive into data, personalization and Copilots
Salesforce launched a collection of new, generative AI-related products at Connections in Chicago this week. They included new Einstein Copilots for marketers and merchants and Einstein Personalization.
To better understand not only the potential impact of the new products but also the evolving Salesforce architecture, we sat down with Bobby Jania, CMO, Marketing Cloud.
Salesforce’s evolving architecture
It’s hard to deny that Salesforce likes coming up with new names for platforms and products (what happened to Customer 360?) and this can sometimes make the observer wonder if something is brand new, or old but with a brand new name. In particular, what exactly is Einstein 1 and how is it related to Salesforce Data Cloud?
“Data Cloud is built on the Einstein 1 platform,” Jania explained. “The Einstein 1 platform is our entire Salesforce platform and that includes products like Sales Cloud, Service Cloud — that it includes the original idea of Salesforce not just being in the cloud, but being multi-tenancy.”
Data Cloud — not an acquisition, of course — was built natively on that platform. It was the first product built on Hyperforce, Salesforce’s new cloud infrastructure architecture. “Since Data Cloud was on what we now call the Einstein 1 platform from Day One, it has always natively connected to, and been able to read anything in Sales Cloud, Service Cloud [and so on]. On top of that, we can now bring in, not only structured but unstructured data.”
That’s a significant progression from the position, several years ago, when Salesforce had stitched together a platform around various acquisitions (ExactTarget, for example) that didn’t necessarily talk to each other.
“At times, what we would do is have a kind of behind-the-scenes flow where data from one product could be moved into another product,” said Jania, “but in many of those cases the data would then be in both, whereas now the data is in Data Cloud. Tableau will run natively off Data Cloud; Commerce Cloud, Service Cloud, Marketing Cloud — they’re all going to the same operational customer profile.” They’re not copying the data from Data Cloud, Jania confirmed.
Another thing to know is that it’s possible for Salesforce customers to import their own datasets into Data Cloud. “We wanted to create a federated data model,” said Jania. “If you’re using Snowflake, for example, we more or less virtually sit on your data lake. The value we add is that we will look at all your data and help you form these operational customer profiles.”
Let’s learn more about Einstein Copilot
“Copilot means that I have an assistant with me in the tool where I need to be working that contextually knows what I am trying to do and helps me at every step of the process,” Jania said.
For marketers, this might begin with a campaign brief developed with Copilot’s assistance, the identification of an audience based on the brief, and then the development of email or other content. “What’s really cool is the idea of Einstein Studio where our customers will create actions [for Copilot] that we hadn’t even thought about.”
Here’s a key insight (back to nomenclature). We reported on Copilot for marketers, Copilot for merchants, Copilot for shoppers. It turns out, however, that there is just one Copilot, Einstein Copilot, and these are use cases. “There’s just one Copilot, we just add these for a little clarity; we’re going to talk about marketing use cases, about shoppers’ use cases. These are actions for the marketing use cases we built out of the box; you can build your own.”
It’s surely going to take a little time for marketers to learn to work easily with Copilot. “There’s always time for adoption,” Jania agreed. “What is directly connected with this is, this is my ninth Connections and this one has the most hands-on training that I’ve seen since 2014 — and a lot of that is getting people using Data Cloud, using these tools rather than just being given a demo.”
What’s new about Einstein Personalization
Salesforce Einstein has been around since 2016 and many of the use cases seem to have involved personalization in various forms. What’s new?
“Einstein Personalization is a real-time decision engine and it’s going to choose next-best-action, next-best-offer. What is new is that it’s a service now that runs natively on top of Data Cloud.” A lot of real-time decision engines need their own set of data that might actually be a subset of data. “Einstein Personalization is going to look holistically at a customer and recommend a next-best-action that could be natively surfaced in Service Cloud, Sales Cloud or Marketing Cloud.”
Finally, trust
One feature of the presentations at Connections was the reassurance that, although public LLMs like ChatGPT could be selected for application to customer data, none of that data would be retained by the LLMs. Is this just a matter of written agreements? No, not just that, said Jania.
“In the Einstein Trust Layer, all of the data, when it connects to an LLM, runs through our gateway. If there was a prompt that had personally identifiable information — a credit card number, an email address — at a minimum, all that is stripped out. The LLMs do not store the output; we store the output for auditing back in Salesforce. Any output that comes back through our gateway is logged in our system; it runs through a toxicity model; and only at the end do we put PII data back into the answer. There are real pieces beyond a handshake that this data is safe.”