Black Friday and Cyber Monday are among the busiest days of the year for businesses… and cybercriminals. According to TransUnion, ransomware attacks spike by a staggering 40% during this period, as attackers exploit the chaos and increased online activity.
It’s been noted by many investigators that cybercriminals often start planning these attacks months in advance. So, how can you stay ahead of them?
Here are our essential practices to keep your business and customers safe this holiday season.
Should your business be worried about Black Friday scams?
It’s not just consumers who fall victim to scams; businesses are prime targets too.
While shoppers are often reminded to avoid fake websites, use secure payment methods, and update passwords, businesses must contend with even greater risks.
Cybercriminals know businesses hold valuable data, making them ideal targets for ransomware attacks and data breaches. These breaches give attackers access to a wider group of targets by offering up your customers as their next victims. Black Friday is the best time for cybercriminals to do this, as it’s a busy time of year where employees are working under increased pressure and workloads, leading to vulnerabilities criminals can exploit.
The increased traffic during Black Friday and Cyber Monday provides the perfect camouflage for malicious activity, making it harder to detect attacks in real time. Without adequate protection, the fallout from an attack can be catastrophic: financial losses, reputational damage, regulatory fines, and eroded customer trust. For some businesses, the repercussions are so severe that recovery becomes impossible.
Top tips for staying secure
1. Equip your team with the right defences
At SupPortal, we strongly recommend training your team to be cyber-aware year-round; however, to prepare for this period, additional training is beneficial. The most effective training for Black Friday focuses on recognising potential threats, whether it’s phishing emails or suspicious activity that may otherwise be the catalyst for a large-scale attack. Establishing clear reporting procedures is vital, giving your team steps to follow when encountering a potential threat to ensure it is dealt with promptly.
Setting boundaries for what is and isn’t appropriate on work devices and networks during Black Friday is essential. BYOD policies or employees accessing personal accounts on work devices carry the biggest risks. As consumers, your employees can fall victim to fake websites, phishing emails, and corrupted payment portals that provide attackers a gateway through your defences. Nobody wants to be the bad guy, but limiting device and network usage makes all the difference.
2. Don’t get caught out by outdated or weak systems
Unfortunately, cybercriminals aren’t stupid; they know it’s far easier to gain access to a business’s data by finding its Achilles heel. After all, why break in if a door’s been left open for you?
Updating systems and practising patch management is the most effective way of preventing this. Cyberattacks leverage vulnerabilities in outdated systems, so removing these eliminates points of entry. Overhauling entire systems in the lead-up to Black Friday may not be possible due to time or budget constraints, so focus on the most critical areas. For example, if you run an eCommerce site, focus on the most common entryways, such as payment platforms, customer databases, and the online shopfront itself. Acting sooner rather than later improves your chances of staying secure throughout this period, so don’t delay!
3. Prepare for the worst with optimised backups
Worst-case scenario: attackers gain access to your systems and hold data for ransom. If you’re not using backups to correctly store and manage data, this could mean major, lengthy disruptions and losses. In the event a system crashes or your business is hit with a ransomware attack, having backups means you can quickly restore operations.
There are numerous backup options that we could recommend, but the right option will differ depending on each organisation’s requirements. Local storage on servers or devices is arguably the most secure; however, it requires careful management and is often limited in access. Cloud storage is popular with many businesses for its convenience and accessibility; however, businesses must be mindful of the security measures necessary to keep this storage secure, such as 2-factor authentication.
4. Cybercriminals hate secure networks, so create one!
A secure network is made up of firewalls, anti-virus, multi-factor authentication, and more. Firewalls are an efficient way of monitoring traffic to and from a company device, offering a clear view of who is accessing information to reduce hacking attempts and unauthorised access. Anti-virus is also essential; you can’t be everywhere at once, so using anti-virus to spot and remove suspicious software from devices ensures you’re always covered.
Secure access contributes towards a secure network, which is why making multi-factor authentication and role-based access control common practice is essential. Multi-factor authentication requires multiple authentication methods to gain access to a device or system, meaning cybercriminals cannot gain entry purely from a stolen password. Enforcing strict role-based access control limits the number of employees cybercriminals can exploit.
5. Help yourself by helping your customers
We’ve discussed how cybercriminals can attack your business, but did you know they can use your business to attack your customers?
Whilst not directly attacking your business, this still has a significant impact on your business’s operations and reputation. A common scam attackers use, particularly on Black Friday, is using technology to intercept transactions. This allows a cybercriminal not only to intercept a transaction and prevent it from reaching your business but also to access sensitive data from your customers, which can be exploited further. Businesses may assume that they’re not responsible for these attacks and face no repercussions, but this couldn’t be further from the truth. The reputational damage caused by attacks of this nature is detrimental and has the potential to ruin a business’s profitability. Using secure payment channels with PCI DSS (Payment Card Industry Data Security Standard) compliance reduces this risk and helps prevent devastating implications for your business.
Criminals also use fake websites and communications, expertly designed to mimic those used by credible organisations, to trick victims into handing over data. Make it explicitly clear to your customers ahead of Black Friday exactly how and when they can expect to be contacted to help them spot and avoid these scams. Provide additional channels for customers to contact you to report attacks or check the legitimacy of any communication they received from your business.
Trust in SupPortal
With an already mounting workload in the lead-up to Black Friday, the pressure of enhancing your business’s cybersecurity can seem overwhelming. This is where we can help. At SupPortal, we’ve combined decades of experience with expertise on the latest developments in cybersecurity to provide tailored, dedicated support to help your business stay safe and secure.
Don’t let the pressure weigh you down. Get in touch to see how we can help keep your business secure for Black Friday and the future: https://supportal-uk.com/contact/