News & Insights

Holiday Online Shopping: Don't Be a Victim. Be Proactive.

WhiteHawk Inc.

Holiday Online Shopping: Don't Be a Victim. Be Proactive.

With the holiday shopping season upon us, potential cyber risks abound that can directly impact your company. There are many scams that cybercriminals can leverage.

On this past Cyber Monday alone, millions of people participated. According to Retail Federation and Prosper Insights & Analytics, almost 24% of US citizens partook in the largest e-commerce sales day ever this year. That is nearly 81 million Americans. The average American spent $633 on Christmas. According to Lendedu's research, 51% of those surveyed planned to do their shopping at the store, while 46% planned to do it online.

Why should Companies be concerned?

As employees look for a great bargain, it is safe to assume many will do their holiday shopping on company-owned devices or at work. This, in turn, exposes businesses to risks like phishing scams, ransomware, and other types of attacks. Zero Fox reported that phishing attacks increase as much as 336% around this time of the year.

Hackers love this time of the year because mega deals offered by companies are often fraught with weaknesses, making it is easy to create fake websites and steal personal information from customers. A hacker goal is to take full advantage of this hectic holiday period by using these online vulnerabilities.

Don't be a Victim. Be proactive.

-Change your passwords and make them strong using a formula of your design. RoboForm is a good place to start to manage your passwords and it's easy to install and use. Click here to view the product.

-Ensure your business proprietary information is kept private by limiting access.

-Install software updates or patches (many automated affordable approaches).

-Set up a formal cybersecurity training program that is on-going (E-Learning modules available).

-Test employees (e.g., send out imitation emails to test employee's awareness of cyber threats) - This is a commercially available service. KnowBe4 is a cybersecurity awareness and training platform that can help train employees to better manage the critical IT security problems of social engineering and ransomware attacks. Click here to view the product.

-Circulate stories and send out updates about cybercrime incidents across your team.

-Know the top attack methods:

-Phishing and spear-phishing attacks (this is a social engineering attack in which attackers impersonate a trusted entity and tricks a victim into clicking on a suspicious link in an email, instant message or text message.)

-Distributed denial of service attacks (also known as a DDoS attack. From a high level, a DDoS attack is similar to a traffic jam which clogs up the server/highways. DDoS attacks happen when a cybercriminal makes a machine or network resources unavailable to the user by disrupting the services. Multiple systems can be compromised as a result. The goal is to exhaust the resources of the target.)

-Ransomware attacks (is a type of malware that prevents or limits access to a system or network by encrypting files and withholding access until the victim pays a ransom to decrypt and/or release the files.)

-Fake retail websites (these are realistic domains that seem similar in name and layout, but they are not identical. Typically, victims are led to a fake retail website after using a search engine to look for the item or information of interest, and then click on a hyperlink that leads them to the false site. CNBC wrote an article in 2017 that explains how to spot a fake website here.)

Need help protecting your company from online crime and fraud? Start here. Also, check out our other stories that go into detail on how to raise your cyber risk posture and read about WhiteHawk's top tips here and here.