Keeping Your Business Cyber Secure This Black Friday
Table Of Contents:
Black Friday is nearly here, and with it, headlines about online retailers recording their “best day ever” (since last year) and articles titled “10 of the best deals on electricals this Black Friday”.
Along with this flurry of headlines and bargain deals will come tips and tools to keep consumers safe. For example, The National Cyber Security Centre (NCSC), in partnership with Action Fraud, released its Cyber Aware campaign this month. The campaign urges festive shoppers to ”bolster their cybersecurity” after new figures revealed victims of online shopping scams lost on average £1,000 per person in the same period last year.
What hits the headlines less frequently is how businesses can stay secure during this period. While Black Friday brings opportunity for business, it also delivers a heightened risk of cyberattack for many organisations.
The Cybersecurity Risks Facing Businesses This Black Friday
Phishing
Phishing attacks form the basis of many cyber attacks and are an issue all year round; however, during events such as Black Friday, cybercriminals’ success rates increase.
Fraudsters will jump on the opportunity offered by increased transactions and deals by phishing customers, sending increasingly sophisticated promotional emails barely distinguishable from legitimate emails and thus successfully capturing customer data, payment information and more.
And it’s not just customers at risk. Your staff also increase your risk profile; they are consumers and may use company devices when hunting for those Black Friday bargains, including engaging with phishing emails.
Weak Passwords
With over half of online consumers regularly using the same password combinations for work and personal accounts, according to Cifas, Black Friday is the perfect time for cybercriminals to try out large-scale brute-force attacks. A brute-force attack sees fraudsters attempting millions of potential password combinations until they get the correct result.
Once cybercriminals have these details, they not only have access to the initial compromised account, they potentially have access to many more, including corporate networks and business systems, dramatically increasing an organisation’s risk profile.
Fake Websites
Another cyber risk facing businesses is website impersonation. Cybercriminals set up fake websites with exceptional offers to try and compromise consumer data and financial details.
The fraudsters redirect consumer traffic from genuine company websites to malicious websites that convincingly impersonate the legitimate brand. They usually achieve this “by adding words to the company name, spelling words differently, or targeting a brand’s presence in a particular country” according to research from Silent Push.
Scammers will also install SSL certificates on these fake sites, creating the appearance of security and trust for unsuspecting users featuring HTTPS and the padlock symbol to suggest legitimacy.
The reputational damage for brands targeted in this way cannot be understated.
Social Engineering
Social engineering is another attack vector for businesses to be mindful of. For example, E-commerce businesses will likely see customer service queries dramatically increase during Black Friday, which cybercriminals may attempt to exploit.
Typically this attack method will be aimed at acquiring customer details or committing refund fraud, but ambitious fraudsters will try to avoid blocks using this method as well.
Social media scams are also prevalent, with offers and adverts targeting users with fake products and services entirely focused on compromising debit card details or committing online fraud.
Old Applications
An event like Black Friday provides the perfect cover for cybercriminals to test out the vulnerabilities of popular software and applications whilst attention diverts to ensuring apps can handle the sudden surge in demand rather than security.
Many consumers will suddenly be using apps they haven’t used or updated in months – giving cybercriminals accessible routes to exploit and gain access to business networks, customer data or login credentials.
How Can Businesses Stay Ahead of Black Friday Cybersecurity Risks?
Cybersecurity Awareness and Education
Implementing good cybersecurity training and practices on the methods and processes by which bad actors attempt to compromise systems and influence individuals’ behaviour is essential to stay one step ahead of attackers. These behaviours include:
-
Using strong passwords and a password manager
All your employees should use complex passwords and two-factor authentication and regularly change passwords. Set up a password policy with these requirements and ensure everyone follows it.
-
Recognising and reporting phishing
Ensuring your employees feel confident in how to report and flag potential phishing attempts is essential to tackling this attack vector. Empowering staff through clear policies, processes, and regular training will provide better security and information management.
Robust Technology & Information Security Management
Strong cybersecurity practices also cascade down into the systems organisations and individuals, use and, in the case of organisations, the policies they implement to promote robust security and information management processes.
Businesses should consider the following:
Data Protection – Appropriate processes and technical controls to identify, classify and securely handle organisational data in all its forms are essential. Tools such as information management systems or frameworks can help organisations to prevent cyber criminals from accessing corporate data through email, misconfigurations, and poor security behaviours.
Secure Configuration – Where possible, organisations should focus on secure engineering solutions from the outset instead of tacking them on later. This approach substantially reduces weak entry points into business networks for cybercriminals to exploit.
Access Management – Effective management of the rights and privileges of users and the use of controls such as multi-factor authentication on staff accounts can be a critical defence against the use of stolen credentials and unauthorised access.
Patching and Software Updates – Ensure regular installation of updates and patches for the software in your organisation and on your employee devices. Consider your ”bring your own device” (BYOD) policies and controls to ensure the most robust level of security.
Ensuring effective and proportional controls to manage organisational data and information will enable businesses to stay one step ahead of the increased cyber risks this Black Friday.
Demonstrating solid information management and risk management credentials will also increase customer trust and your business’s success.
Strengthen Your Information Management And Risk Posture Today
If you’re looking to start your journey to better information and cyber security, we can help.
Our ISMS solution enables a simple, secure and sustainable approach to information management with ISO 27001, NIST and other frameworks. Realise your competitive advantage today.