Black Friday and Cyber Monday: Full of Deals or Cybersecurity Steals?
Jessica Dore leads Rehmann’s Technology Risk Management Group, overseeing cybersecurity assessments, information security assessments, vulnerability and penetration testing, social engineering testing and information security training. Below are her tips for businesses to stay safe during the biggest shopping spree of the season.
In 2018, consumers spent a record-breaking $6.22 billion while shopping on Black Friday. Similarly, Cyber Monday sales alone set a record of $7.8 billion in spending. Consumer spending on holiday retail is expected to increase 4.5% to 5% this year, rising to more than $1 trillion.
Just as frequently as sales pop up around the holidays, so do global fraud attempts. With increased exposure to spam and hackers, businesses of all sizes should prepare to stay safe during the biggest shopping spree of the year. The importance of cybersecurity and protecting against malware, hackers and cyber-attacks is elevated for individuals and businesses alike during the holiday shopping season.
The heightened risk can be attributed to increases in shopping and online traffic. This time of year, individuals receive an amplified number of emails related to shopping and online purchasing. Hackers, in turn, know individuals are more receptive to targeting than ever and will often attempt to make a person click a link for a fake deal or coupon.
Businesses are only as safe as their cybersecurity strategy, and employees are exposed to threats and prone to receiving illegitimate emails. Companies must properly arm their employees with the knowledge of potential risks, especially the techniques hackers use around the holiday season. Whether it’s free offers, pop-ups or coupons, ensuring employees are aware of malicious tactics is the most important safety exercise.
Hackers are continuously targeting businesses and trying to get employees to click on links or open attachments by creating fake addresses and names and attaching malicious documents. During November and December, employees may use their work emails and computer programs to do personal holiday shopping or gift-giving.
Hackers may also try to infiltrate a company’s website or intranet. This can happen at any time and may already be underway if the company’s website is not properly configured. While it may seem obvious, an important first step is instructing employees to use secure passwords and implement multi-factor authentication wherever possible. If insecure processes are used, hackers may be able to get malware onto machines and into the company infrastructure. Another primary business risk to be aware of is false wire transfers. With the heightened level of online transactions, it’s crucial to keenly monitor accounts payable.
The best strategy to avoid falling victim to a cyberattack is awareness among an organisation’s employees.
Cybersecurity awareness can be disseminated across a company in a number of ways. Organisations should encourage employees to be cautious through company-wide emails, hosting training sessions and mentioning tips during staff meetings. The more the message is in front of the employee, the more likely it is to be effective. Top preventative tips for employees include visiting known website addresses instead of following links from other platforms, being alert at all times and using multi-factor authentication.
Businesses can keep hackers out by encouraging employees not to click on questionable links, taking the time to pay attention to threats and having multi-factor authentication in place. Firewalls also serve as a crucial layer to cybersecurity. The more barriers a company can put up in front of hackers, the more difficult it will be to compromise a system.
Company leadership should also arm employees with reactive steps to take if they do fall victim. Employees should be aware that they need to immediately report the potential hack or questionable activity to the organisation’s IT team. The sooner the activity is reported, the better. Once reported, the IT team can investigate the matter and potentially prevent harm to the system before it occurs.
Every IT department should have an incident response plan in place in the event any data is compromised. If there is a breach, proper planning will outline the appropriate authorities to contact and resources available to help with recovery from the hack. If you don’t have an incident response plan in place, contact a financial services or cybersecurity firm with extensive experience. An external partner should be able to assist with the development of a cybersecurity plan and test the existing infrastructure for potential vulnerabilities.
Unfortunately, user error is often inevitable. For that reason, organisations should also have an effective monitoring system in place. This will provide proper controls to detect a hacker trying to get into the system. Software should include intrusion detection and prevention, a properly configured firewall and advanced endpoint protection, all of which will prove vital in a time of cybersecurity need. These systems will alert the company if there are suspicious events or activities within the network.
Companies cannot rely on security software alone for monitoring. Organisations must ensure their computer systems are up-to-date and modernised through patches, which are provided by software companies when a vulnerability in the software is exposed. If software is outdated, it will provide an additional entryway for a hacker to access the network. Additional anti-virus and anti-malware programs can aid in picking up on any zero-day exploits or hacks to unpatched software.
The holidays are a heightened time of vulnerability for consumers and organisations alike. With that in mind, businesses must prioritise cybersecurity awareness and best practices. Employees must also play an active role in being mindful of their activities online—from clicking on links to opening attachments and inputting private information.
Organisations should implement cybersecurity practices year-round, with heightened awareness around the holidays. From monitoring to proper controls, each layer of security will provide additional barriers from outside threats. As holiday retail spending reaches more than $1 trillion this year, it’s high time organisations refresh and review cybersecurity training, software and crisis response plans.