David Kelleher

Nov 20, 2023

Beware & Buy - Avoiding Cyber Traps During Holiday Sales

Black Friday and Cyber Monday are the busiest shopping days of the year. According to Bitdefender, consumers spent $9 billion online last year, up by 22% on 2021. In 2022, Cyber Monday generated a whopping $11.3 billion in revenue alone.

Unfortunately, the boom in retail business comes with a matching risk: cybercrime.

Cybercriminals, consistently active throughout the year, intensify their efforts on these two days, capitalizing on individuals' pursuit of limited-time offers and discounted prices across a myriad of products.

Customers get a kick out of securing a bargain and they don’t want to miss out on a good deal. While they may overspend or buy stuff they hadn’t planned to, they also tend to lower their guard when shopping online, especially with fantastic deals appearing in their inbox (particularly when they are at work).

Cybercriminals make the most of this behaviour by launching various cyberattacks, including phishing campaigns, ransomware attacks, Magecart/E-skimming, supply chain attacks, fake DDoS verification pages and the always-present malware exploiting software vulnerabilities.

Cybercriminals use a customer’s sense of urgency and fear of missing out (FOMO) to deceive them into clicking on malicious links or sharing personal information.

Raising cybersecurity awareness well before Black Friday and Cyber Monday is crucial, and it helps to look at the risk from both the customer's perspective and the cybercriminal's point of view.

For customers, heightened emotions and urgency can lead to impulsive decisions and increased vulnerability to scams and fraud: falling victim to phishing attacks, counterfeit websites, or identity theft, leading to financial losses and emotional distress.

For cybercriminals, every individual is a target, even more so if they are using business devices to buy stuff. They know that people check their personal email at work and are willing to click on a link or attachment in an email because the offer is just too good to be true.

If you own a business, it pays to step up security awareness efforts before this shopping spree weekend. Employees may use their own devices, but most organisations do not mind them checking out websites or email on company devices when they are on their lunch break, for example (every business should have an Acceptable Use Policy).

Most IT teams will be aware of these risks and take the necessary steps to mitigate them. Some businesses, however, do not have someone focusing on security, so a helpful reminder would not be amiss.

Here are some things worth reviewing:

  1. Update your software and systems. If employee PCs have not been updated in a while, it’s time to do so. Unpatched software and systems are a major risk.
  2. Back up your data. When was the last time you backed up your data? If you have backups, when did you last test them? The last thing you want is a ransomware attack and no backups from which you can recover your data.
  3. Train your staff. Send a memo to all your employees on how to spot and avoid phishing emails, malicious links, fake websites, and other online scams. Remind them to use strong passwords, avoid public Wi-Fi, and report any suspicious activity or incident.
  4. Monitor your network. Keep a vigilant eye on network activities to detect any unusual or malicious behaviour, including unauthorised access, denial-of-service attacks, or data exfiltration.
  5. Implement multi-factor authentication. Multi-factor authentication (MFA) is a security measure that will stop most phishing attacks, but beware of MFA fatigue.
  6. Review your policies and procedures. Do your employees know what to do if they do the unthinkable and fall for a phishing scam or ransomware attack? You need to have clear and updated policies and procedures for cybersecurity.
  7. Find an IT partner. If you don't have the resources or expertise to handle cybersecurity on your own, find a trusted cybersecurity partner who can help.

Cybersecurity is a challenge for every organisation. An attack will happen one day. Is your business prepared to deflect that attack? If the answer is no, it is time to take the right steps to correct your security posture.

The cost of not doing anything more often than not results in crippling consequences. Reach out to us using the form below and one of our experts will answer any questions you may have.
