Black Friday/Cyber Monday Security Tips & Tricks!

Cyber crime is causing more chaos than ever, and looms large for business owners as Black Friday and Cyber Monday approach, posing an enormous challenge to their online operations.

Retailers must protect themselves ― and their customers ― by being proactive about spotting scams, limiting the damage, and recovering quickly from any possible attack.

Black Friday kicks off the busiest retail season of the year, a stretch that’s both a major financial boon for retailers ― and a big opportunity for malicious cyber threats to strike. And strike they will. Taken as a whole, Black Friday and Cyber Monday are the World Cup for online commerce and cyber criminality!

Cyber Monday and Black Friday Scams

Online fraud, cyberattacks, and data breaches plague industries around the globe, powered by ever-evolving strategies designed to avoid detection and maximise disruption and payoff. Despite growing cybersecurity vigilance, attacks are on the rise and look like reaching another level during Black Friday and Cyber Monday.

Here are common ― and some less well known ― forms of cyberattacks that retailers must be aware of:

• Phishing: A hacking scheme that fools users into sharing sensitive information by disguising malicious links posed as legitimate-looking emails, attachments, and logos.
• Malware: Software that encompasses a variety of cyber threats such as viruses and trojans, malware infects a device or network and does intentional damage to that system by accessing sensitive information.
• Ransomware: This increasingly common form of cyber blackmail encrypts company data so that it is completely inaccessible, forcing the company to pay a ransom to regain control over it.
• Magecart/E-Skimming: Growing in frequency, this brand of malware infects online checkout pages to steal personal information of shoppers.
• Third party vendors: With multiple vendors providing support for online sales, their relative weakness when it comes to security can be a point of vulnerability for cybercriminals to exploit.
• Open-source software vulnerabilities: Code that anyone can view, modify, and augment is hugely valuable to e-commerce businesses, but if vulnerabilities exist in that code it’s a dangerous problem that can lead to massive data breaches.
• APT as a service: Advanced persistent threat groups that have traditionally been associated with politically motivated state-sponsored actions are now being hired to attack retail verticals previously untouched. These hackers for-hire can overwhelm small business security operations with sophisticated techniques that have not been planned for.

Retail Security Tips

So what steps can small businesses can take as the World Cup of Cybercrime approaches?

• Implement zero trust: Enforcing zero-trust solutions is essential: it restricts third party access to information the website has authorised and blocks access to consumers’ private and payment information.
• View your site as a customer: It’s important to keep tabs on how your website appears to customers themselves and not focus solely on the server side. Viewing it from the browser perspective can help spot issues that may signal a compromised site.
• Train your staff: The single biggest cause of a cyber attack is human error. Clicking on a bad link, not recognising a suspect email attachment, sloppy digital awareness, all of these can lead to disaster. Prepare staff by reviewing up-to-date threats, scenarios and recovery plans. We highly recommend our trusted partner KnowBe4 to achieve this.
• Backup your data: If you have sufficiently backed up your company’s sensitive data you will be less vulnerable to the pressure of having to pay a ransom in the event of a ransomware attack.
• Reduce software supply chain risk: The prevalence of third party vendor systems is a security challenge that must be addressed. Closely monitor and manage the configuration of any assets or information accessed by third party vendors, and implement a secure development lifecycle to make sure vendors are applying security controls and following secure coding practices.

The current threat landscape poses extreme risk to every business, no matter the size or vertical. This should force business retailers to embrace a dedication and awareness of relevant protections that can help them fend off a cyber attack.

CSW-IT works closely with a handful of carefully selected security partners that have helped our customers significantly reduce cyber crime. If data security is top of mind heading into the “World Cup” of cyber crime, see below for a host of FREE Security Trials with our most trusted partners, and feel free to reach out if you have any questions.