Even if you aren’t normally a big shopper, chances are you’ve filled your share of digital shopping carts in recent weeks. A PWC report found that more than 50% of people make online purchases every month — a number that no doubt increases during the holiday season. While you may or may not keep your holiday shopping confined to evenings and weekends, the fact is that millions of employees shop online with their work laptops on business networks during November and December. Combine that upswing in risky usage with the normal holiday cyber threats, and it increases the odds you’ll get something that wasn’t on your wish list: malware.
The holiday season brings an increased risk of ransomware for online shoppers, resulting from spam emails and phishing attacks. But the threat vectors are more numerous today than in years past, as the growing number of employees shopping online means more company data is at risk than ever before. That’s why it’s vital for companies to carefully address gaps in their security systems and educate their teams on safe cyber behaviors — during the holiday season and beyond.
Predictions For Holiday Threats
Thanks to the upgraded chip-based point of sale (POS) systems now installed by most large retailers in response to high-profile data breaches, POS-based attacks have dropped drastically in the past two years.
My cybersecurity firm saw this firsthand as well. Research we gathered through our Global Response Intelligence Defense (GRID) Threat Network indicated that POS-related malware threats decreased year over year from 2014 to 2016.
That should be heartening to anyone who recalls the major breaches of 2014. However, with that decrease, we have seen a dramatic increase in spam and phishing threats. We saw spam attacks increase 200% during cyber week. These attacks increased even more just before Thanksgiving and Black Friday compared to 2015.
How Mindfulness Around Security Can Help
A little extra security and mindfulness can go a long way. You can plan ahead against company-wide holiday cyber attacks by taking these precautions:
- Inspect all incoming data to stop advanced persistent threats like ransomware by enabling SSL decryption and deep packet inspection on all traffic.
- Since video streaming is a notorious gateway for malware, manage network bandwidth to limit or stop employees from streaming.
- Make sure your company is using EV SSL certificates for your websites.
- It is a good idea to caution your employees to only shop on websites with HTTPS in the web address and a green lock icon in the address bar, which indicates stronger security.
- Back up your business-critical data just in case an attack does occur.
But, of course, one of the most effective cybersecurity tools is education. Make sure your employees know how to identify and avoid suspicious advertisements, emails and links. Remind employees of the following:
- Do not click on URLs in emails without first checking where the URL leads.
- Only download plug-ins directly from vendors’ websites such as Adobe and Microsoft. Never download a plug-in from a link in an email.
- Be particularly cautious about emails from businesses you do not recognize.
Better still, request they do their online shopping from devices that are reserved for personal use and never connected to your network. It may be inconvenient, but it will ensure your network steers clear of re-gifted malware this holiday season and beyond.