Cybercriminals always follow the cash. In 2019, U.S. consumers spent more than $600 billion on e-commerce purchases, a 15 percent increase from the previous year’s online sales. And, $28 billion of this spending took place during the holiday season.
2020 has been unpredictable. But with holiday e-commerce sales expected to increase 25 percent over last year’s sales, it’s a safe bet that Americans will be spending billions of dollars online between Black Friday, Cyber Monday and the end of the traditional holiday retail season. And it’s all but inevitable that we’ll see an increase in phishing attempts, account takeover fraud, phony website launches and other nefarious activities this year, too.
CISOs and Directors of Information Security are currently facing a host of new challenges. With the sudden and large-scale shift to remote work, the people responsible for protecting the organization’s intellectual property are increasingly being called on to act as internal consultants for all employees – from executives to frontline workers. For some, it’s the first time they’ve worked from home during a holiday season.
In many organizations, the boundaries between employees’ home networks and corporate computing environments have blurred. This means that what people – or their kids – are doing on their home computers can impact the security of their employers’ networks in new ways.
To help security professionals remember the all-important basics for staying safe online during retail’s busiest season (and provide a resource that’s easy to share with just about anyone), we’ve put together this list of quick tips.
#1: Only visit and buy from reputable brands’ websites.
Avoid making purchases from unfamiliar companies, especially if the price you would be paying for the item is much lower than what it’s selling for elsewhere or they claim to have an item that is widely known to be out of stock.
Also, beware of misspellings or “near misses” of popular brand names. And remember that the address of an e-commerce website with up-to-date security will begin with “https” instead of just “http.”
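For teams that want to automate the checks in this tip, the sketch below flags links that are not https or whose hostname is a near miss of a trusted retailer. It is an added example, not part of the original article; the brand list and sample hostnames are constructed, and comparing only the last two hostname labels is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; replace with the retailers you actually use.
KNOWN_BRANDS = {"northwindshop.example", "contosogifts.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str, max_distance: int = 2) -> list[str]:
    """Return warnings for a shopping link; an empty list means none were raised."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    # Internationalized names can hide look-alike characters behind punycode.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode hostname")
    # An exact match or a true subdomain of a known brand is treated as that brand.
    if any(host == b or host.endswith("." + b) for b in KNOWN_BRANDS):
        return warnings
    # Assumption: the site name is the last two labels (ignores suffixes like .co.uk).
    site = ".".join(host.split(".")[-2:])
    for brand in sorted(KNOWN_BRANDS):
        name = brand.split(".")[0]
        if edit_distance(site, brand) <= max_distance:
            warnings.append(f"near miss of {brand}")
        elif name in host:
            # Brand used as a subdomain or prefix of someone else's domain.
            warnings.append(f"brand name {name} in unrelated domain")
    return warnings
```

An empty result only means none of these specific warnings fired; it does not establish that a seller is reputable.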
#2: Look out for telltale signs of phishing.
Phishing attempts are more common at this time of year, and people are more likely to click on links when they’re rushed, stressed or highly emotional. Grammatical errors and spelling mistakes are a clear sign that something’s not right, as are brand logos that look slightly different than usual. When in doubt, just don’t click!
Whether you’re interested in checking out an offer (especially those that seem too good to be true – see tip #1!) or you need to track a package or check the status of an online order you placed, it’s safer to visit the website of the retailer or shipping company directly. To avoid falling for a phishing scam, don’t click on links in emails. Instead, spend the extra 30 seconds it takes to open a browser, enter the known URL for the site and proceed accordingly (and safely).
#3: Monitor your bank and credit card statements and consider changing card numbers regularly.
Not only will reviewing all of your statements on a regular basis enable you to spot signs of fraudulent activity quickly, but it can also help you detect errors or duplicate purchases you accidentally made.
Another tip: request that debit and credit card issuers provide you with a new account number every six months. If your financial information is stolen in a retailer’s data breach, this will reduce the chances that criminals will get ahold of valid account information.
#4: Enable two-factor authentication and use all other standard security precautions.
Most retailers make account protections available when you set up a new account – use them. Multi-factor authentication is a cybersecurity best practice, and it’s always a good idea to employ it.
We don’t recommend using single sign-on services like the “Log in with Google” or “Log in with Facebook” options that you’ll see on e-commerce sites. These services allow Google or Facebook (or whoever else is providing the login capabilities) to share data about you with the online retailer, as well as to collect data about your purchases from that company. And, let’s face it, social media networks don’t have a strong reputation for protecting consumer privacy.
In addition, signing in to multiple accounts with a single login leaves them all as vulnerable as the one with the weakest security. If your social media account were to be hacked, the other accounts linked to it would be open to the criminals as well.
#5: If it looks too good to be true, it probably is.
We can’t say it too many times: trust your gut. If you feel like something’s out of place, ask someone who understands data privacy and security issues before moving forward. Whenever you see a great deal that’s ending soon and you have to take action now, it’s smart to double-check the seller’s reputation at the very least.
Need more advice on how to protect your employees and your data during the upcoming holiday season? If you want to achieve better security but aren’t sure where to start, schedule a free consultation with a member of our team of experts today.