The 2015 holiday shopping season is shaping up as prime-time hacking season. And retailers who wait until November to button up payment security will be months behind the eight ball.

Malicious hackers are hard at work now, in the middle of summer, scanning for weaknesses in your Point-of-Sale and back office systems. Without proper security in place, they can lurk undetected for months before stealing your customers’ data.

A number of best practices can guide small and large businesses looking to improve payment security. Here are some data security principles that will prepare your business for the holiday shopping season and beyond:

1. Remember the basics

Criminals target the lowest hanging fruit. Make sure you have your basics covered, such as strong passwords, patching systems and maintaining updated anti-virus software. The vast majority of data breaches happen at this very basic level of security. If retailers do only these few things, they encourage hackers to move on to easier targets.

2. Continuous monitoring

The difference between one record and millions of records compromised is the ability of an organization to detect and react to an intrusion. System logs should be reviewed on an ongoing basis and suspicious activity reported expeditiously. In one famous breach, enormous data files were being sent to a foreign country every Friday afternoon. No one could understand why, and the intrusion was stopped.
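
As an added illustration (not part of the original article), the Python example below shows the kind of log review that would surface the Friday-afternoon pattern described above: it flags large outbound transfers to an unexpected country that recur in the same weekday and hour across several weeks. The log format, host names, thresholds and the placeholder country code XX are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample egress records (not real data): time, source host,
# destination IP (documentation ranges), destination country, bytes sent.
SAMPLE_LOG = """\
2015-07-03T16:05:11 pos-backoffice-01 203.0.113.50 XX 4831838208
2015-07-06T09:12:40 pos-backoffice-01 198.51.100.7 US 1048576
2015-07-10T16:02:57 pos-backoffice-01 203.0.113.50 XX 5100273664
2015-07-14T11:30:02 web-01 198.51.100.7 US 7340032
2015-07-17T16:07:33 pos-backoffice-01 203.0.113.50 XX 4697620480
2015-07-22T02:00:00 backup-01 198.51.100.20 US 6442450944
2015-07-24T16:03:19 pos-backoffice-01 203.0.113.50 XX 5234491392
"""

HOME_COUNTRIES = {"US"}      # assumption: where the business expects to send data
LARGE_BYTES = 1 * 1024 ** 3  # assumption: 1 GiB counts as an "enormous" transfer
MIN_WEEKS = 3                # recurrences needed before it counts as a pattern

def parse(log_text):
    """Yield (timestamp, src, dst, country, bytes) from whitespace-separated lines."""
    for line in log_text.strip().splitlines():
        ts, src, dst, country, nbytes = line.split()
        yield datetime.fromisoformat(ts), src, dst, country, int(nbytes)

def recurring_large_egress(log_text):
    """Return findings for large transfers leaving HOME_COUNTRIES that repeat
    in the same weekday and hour across at least MIN_WEEKS distinct weeks."""
    slots = defaultdict(lambda: {"weeks": set(), "bytes": 0})
    for ts, src, dst, country, nbytes in parse(log_text):
        if nbytes < LARGE_BYTES or country in HOME_COUNTRIES:
            continue  # small or expected traffic is not part of this check
        key = (src, dst, country, ts.strftime("%A"), ts.hour)
        slots[key]["weeks"].add(ts.isocalendar()[:2])  # (ISO year, ISO week)
        slots[key]["bytes"] += nbytes
    return [
        {"src": s, "dst": d, "country": c, "weekday": wd, "hour": h,
         "weeks_seen": len(v["weeks"]), "total_bytes": v["bytes"]}
        for (s, d, c, wd, h), v in sorted(slots.items())
        if len(v["weeks"]) >= MIN_WEEKS
    ]

if __name__ == "__main__":
    for finding in recurring_large_egress(SAMPLE_LOG):
        print(finding)
```

A finding from a check like this is a prompt to ask who owns the transfer and why it exists; a scheduled job nobody can explain is exactly what should be reported.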

3. Prioritize technology

With EMV chip, point-to-point encryption and tokenization more affordable and accessible than ever, organizations need to leverage technology that can make the data worthless to attackers. Retailers can’t forget that the EMV liability shift is on the horizon. Point of Sale terminals need to accept EMV chip cards by October 2015.

4. Don’t neglect online security

Work with your website administrator to make sure your website uses the most up-to-date software patches and the most secure form of encryption. If your website still uses Secure Sockets Layer (SSL) encryption, one of the most popular encryption protocols in the world, talk with your IT provider about upgrading to Transport Layer Security (TLS) 1.2 or higher. Hackers have identified new ways to steal from sites that use the old SSL technology. It’s a safe bet that they have tested just about every online store to prepare for the holiday season.

Finally, and most importantly, retailers need to make payment card security an ongoing, continuous effort, seven days per week, 365 days per year. Just as the deadbolt on a door only works if you lock it each day, payment card security only works if it’s prioritized on a daily basis.