Holiday IT freeze opens retailers up to security risks

The holiday season is the most important time of year for many retailers. During this two month time period, businesses of all sizes experience a massive uptick in the number of customers that come through their doors, many of which are looking to crack open the wallet and spend some money. In fact, a report from the National Retail Federation reports that organizations make between 20 percent and 40 percent of their annual sales during this time period.

However, according to an article from Search Security, there is another thing that happens during this time frame and the impact is not positive. This is the "holiday IT lockdown." At its core, this is a freeze on retail technology departments when it comes to changing or upgrading any IT system during the last two months of the year. This is done so no critical system is suddenly offline while a POS software update runs and to prevent upgrade complications from delaying system use.

While it seems like a smart decision for retailers to make, it has a severe downside — security protocols are also put on hold. With no IT systems running, that means patches, configuration updates and firewall rule changes are put on the back burner. If one of those is needed to prevent a new form of malware from infecting POS software, it will not be installed.

Some IT departments also see an increase in the number of employees that opt for vacation time, as there is little for these workers to do if a freeze is in place.

However, this can also be an opportunity if used properly. Zane Lackey, director of security engineering for the e-commerce website Etsy, spoke with the news source and said that he notices a drop in the amount of code that is deployed during the holidays. However, with more free time, his team uses the holidays to prep for the projects that will be on the schedule starting in the new year.

"There's plenty of reason to have your hair on fire during the holidays," Lackey told the news source. "But I'd argue that most organizations are focused on security all year and not just during the holidays."

While the holiday season may be known for a slowdown in backend system upgrades, we are just a few days away from the start of a new year and the perfect time to upgrade the systems that have been ignored..With the help of a retail solution provider, any merchant can start upgrading for the future.

Scroll to Top