NAVA warns about four security mistakes e-commerce businesses need to avoid during Black Friday

Last Friday of this month marks Black Friday, a period characterized by promotions, but also by a significant increase in fraud and scams. According to the 2024 Brazilian Public Security Yearbook, virtual fraud crimes could increase by up to 13.6% during this event. While much discussion centers on how consumers can protect themselves from attacks, there are also strategies e-commerce businesses can employ to prevent criminals from exploiting their information. 

The increase in online traffic and transactions during Black Friday puts e-commerce businesses at risk. To help companies prepare, NAVA Technology for Business shares four mistakes e-commerce businesses should avoid to increase security during Black Friday.

1- Fragile technology infrastructure: Many sites are not prepared to handle the high volume of traffic. It is essential to review all infrastructure elements, especially communication links, to ensure the stability of the digital environment.

2- Data security limited to Black Friday: Security should be a continuous process, integrated into corporate governance, and not just a concern during specific times of the year, like Black Friday. Companies that invest in security development, testing, and implementing robust security practices in their technology environment, whether in the cloud or on-premises, throughout the year will be better prepared to handle traffic spikes and threats.

3-Lack of Zero Trust concept: Traditional security controls may be insufficient for today's environment. Implementing a Zero Trust approach – which continuously validates users and devices – helps protect the digital environment more comprehensively.

4- Lack of team training: It is vital that e-commerce operations teams be trained throughout the year. Prepared professionals are better able to identify and resolve problems more efficiently during the Black Friday period.

Fraud Protection

Beyond the checks mentioned, companies need to adopt specific technical precautions in the virtual environment. Cloud-based e-commerce businesses must follow practices that ensure security and compliance, starting with defining security responsibilities, separating the controls that fall to the cloud provider from those of the company itself. "Adherence to security standards, such as those of the Cloud Security Alliance (CSA), is also necessary to protect data and transactions. Regular reviews are recommended to ensure that all security controls are correctly implemented and functioning with a high degree of reliability," says Edison Fontes, Chief Information Security Officer (CISO) of NAVA.

The executive also warns about the threat of increased AI use by cybercriminals. While AI can be an ally for companies, organized crime also uses it for more complex attacks. The speed and volume of data that AI allows to process are exploited to increase the number and complexity of intrusion attempts. "Anticipating these threats involves investment in AI Monitoring that identifies suspicious behaviors that may indicate malicious AI use," the expert adds.