Dear Booksellers,

I hope this is the absolute last thing you’ve been thinking about. If that’s the case, then you’re not the bookstore on the East Coast that recently suffered a ransomware attack, or the bookstore in the south that just had four chargebacks on fraudulent web orders, or the West Coast bookstore that just had a shadow site mirroring their own website show up overnight linking buy buttons to Barnes & Noble.

Turns out the bad guys have a lot of free time while sheltering in place and cyber crime is on the rise. This is a good time to get your cybersecurity affairs in order to protect your store, now and for the future.

Here’s a recommended cybersecurity checklist:

- Are all of your operating systems updated? Updates contain the files needed to combat the latest known viruses.
- Do you have anti-virus and anti-malware protection on all of your computers? Is it updated? (A computer virus is a program that, when executed, modifies your computer programs for evil instead of good. Malware is software designed to disrupt or damage your system. Computers can become infected with either when someone clicks on a bad link or downloads a bad attachment.)
- Have you trained your employees on cybersecurity? Are they exercising caution when clicking on the above-mentioned links or downloading the above-mentioned attachments, for example? Bad guys are taking advantage of people’s COVID-related anxiety right now and embedding contaminated links in news articles or in emails. A reader may feel compelled to click on a link like “Most recent COVID numbers” without hovering over the link first to confirm that the link is what it appears to be. In general, it’s a good practice to train staff on the following:
  - Be skeptical of emails that you did not expect and that are out of character.
  - Be wary of links on “news” sites you’ve never heard of, or “cybersecurity” sites. These may have been set up for the sole purpose of getting readers to click a contaminated link.
  - Hover over a link to check the underlying address before clicking, and check email properties to ensure that the sender’s email address matches.
  - Better yet, don’t click directly on links; type the web address into your browser instead.
  - Only open attachments from people you know.
  - Don’t open attachments from people you know if they are forwarded. The person may inadvertently be forwarding an attachment with a virus.
  - If in doubt, forward suspicious email to a manager or IT person for review.
  - Be skeptical of scam emails that look like they are from a company you know (like a bank, credit card company, or Netflix). These emails will often tell a story — “We’ve noticed suspicious activity on your account,” for example — then ask you to click on a link to review. If in doubt, always call the company directly using a number that you’ve verified (from more than one place).
- Are your password systems on point? Make sure all of your store’s passwords are complex (at least 10 characters with a combination of upper and lowercase letters, numbers, and special characters) and/or long (like: OrangesApplesDriveCarlsTimeZoneMachine — a very long, random phrase may be just as hard for a bad actor to crack, but easier for you to remember); unique (don’t re-use the same passwords or recycle old passwords); unexpected (don’t use your birthday); and current (passwords should be changed regularly and when there are staff changes). A password manager like LastPass or 1Password can help make this daunting task much simpler.
- Are you and your staff using multi-factor authentication? After supplying a password, confirming your identity by entering a texted code, connecting a physical device, or scanning a thumbprint can greatly increase security.
- Is your on-premises file server behind a locked door? Are mobile devices, like iPads and Square readers, locked up when not in use?
- Are you backing up daily to an external drive or the cloud? In the case of a fire, your cloud backup will be sufficient. But in case of malware where your system is infected, your backup may also be infected or inaccessible.
- Do you have the firewall options in each computer’s operating system turned on? The answer should be yes.
- Does your store have cybersecurity insurance? This relatively inexpensive insurance can cover direct losses related to cybersecurity breaches, including downtime, the recreation of data, and direct remediation costs. The East Coast bookstore that recently suffered an attack was grateful that they had cybersecurity insurance to cover their costs and to instruct them on what to do.
- Have you trained your e-commerce staff to watch for red flags on fraudulent orders?
- Have you registered your store’s name/logo as a trademark? This is a simple, inexpensive process that you can do yourself online that can protect your bookstore in multiple ways. Consider registering domain names similar to your store’s domain name as well. Green Apple recently had someone set up a fake website that looked similar to theirs — greenapplebooks[dot]com and greenapplebookstore[dot]com. Luckily, Green Apple is a registered trademark and a simple cease and desist letter resulted in the immediate removal of the shadow site.
- Have you reported any internet fraud you’ve experienced? Reporting is easy. Taking this step may give your store support around the incident, but it also helps the FBI fight cyber crime by tracking scams.

ABA is here for you. Please reach out if there is anything we can help with. We are an incredibly creative, resilient, supportive industry. We’ll get through this, together.

Best,
Allison