Don’t Get Grinched by Cybercrime During the Holiday Season: Picks of the Week
“5 Ways Retailers Can Stay Safe Over the Holidays” – Dark Reading
The holiday shopping season is about to get into full swing and retailers are gearing up for another record season of online sales. Research group eMarketer expects that online retail sales will bring in at least $94 billion – or 10.7% of the total retail sales – from now until the end of the holidays, a 17.2% increase in online sales from last year.
But as millions of consumers pick up their smartphones and tablets to go holiday shopping and flock to the Internet as their preferred, convenient “one-stop-shop” for all gift-buying needs, hackers and cyber criminals are not too far behind… In fact, this is prime cybercrime season for digital crooks timing their phishing emails, malicious links, and other online scams and attacks to Black Friday, Cyber Monday, and through the rest of the holiday season. They prey on the naiveté of shoppers looking to score a holiday deal or take advantage of a special reward to trick them into downloading malware, giving up login credentials and credit card information, or sending payments to bogus sites.
Consumers and retailers alike should be prepared for an even higher risk of online fraud and social engineering scams across all channels than in past years. A new report from cybersecurity company Kaspersky Lab shows that the number of online attacks during this high sales season is 9% higher than the average number of attacks that happen during other months of the year, and 2016 is on track to be a record season for online sales… and online scams!
While security experts continue to work to find possible solutions against the latest malware and scam techniques, here are some of my yearly tips on how to protect yourself from online Grinches this holiday season:
- Before, during, and after the holidays, keep an eye on your bank and credit card accounts for signs of suspicious activity, mystery charges, or “micro-charges” – Hackers often test cards to see if they are valid by charging small amounts of $1 or $2. If those cards are found to be valid, they can then sell them to other crooks for a premium. If you notice any unauthorized charges, immediately contact your bank.
- Buy only from reputable merchants and recognized websites – Be wary of emails and pop-up messages asking for your password, credit card number, or personal information. No established business would ask consumers to disclose such information via email or pop-up. Do not reply or click on the links in these messages as they may take you to copycat malicious websites. Instead, look for ‘HTTPS’ in the address bar of your online retailer and check the specific email address and domain name to make sure they really belong to the retailer and are not a close derivative. If in doubt, contact the legitimate organization directly to verify authenticity.
- Be aware of fake commerce apps – Download apps only from the official Google and Apple app stores – which have more rigid requirements for banning malicious apps – and be skeptical of apps that ask for suspicious permissions like access to contacts, text messages, stored passwords, or credit card information.
- Avoid “free Wi-Fi networks” – Don’t use public Wi-Fi networks, especially when using your phone for banking and e-commerce. Personal and banking information should never be sent through unsecured wireless connections in public places. Get your Starbucks Peppermint Mocha and don’t stay for the free Internet!
- Be skeptical of deals that sound too good to be true – Do not fall for rock bottom bargains unless you make certain they are legitimate by contacting the merchant and asking questions before making a purchase. If a deal seems too good to be true, it probably is!
- Be alert for potential charity donation scams – Think before clicking on emails requesting donations. Make a contribution by navigating to the trusted web address of the charity, never through a link in an email.
- Use strong passwords and dual-factor authentication – Create long, complex passwords using upper and lower-case letters, special characters, and numbers, and use a different one for each online account. Various password management programs (1Password, KeePass, or LastPass) exist to help you manage your various passwords so that you are not overwhelmed. These programs are safe and secure, and they can generate hard-to-crack passwords for you.
- Do not send cash or wire money for payment – Pay with a credit card or, even better, gift/charge card. The best option is to keep a separate credit card for online purchases.
- Secure your computer and mobile devices – Update your devices to the most current operating system and keep your anti-virus and anti-spyware software up to date, along with your firewall. They will help monitor all online activities and protect your devices from viruses, worms, Trojan horses, and other types of malicious programs.
Some additional tips on how to protect your company from cyber threats and strengthen your overall cybersecurity posture:
- Protect your organization’s endpoints and servers – Scan your organization’s network environment for threats that may have been lurking for several months before surfacing as a malicious attack during the holidays. Harden your servers with good access control and security tools such as antivirus and antimalware software, and run frequent patches and updates. Consider advanced endpoint threat prevention tools that protect memory from experiencing distributed denial-of-service (DDoS) attacks and other complex advanced threats.
- Train your organization’s workforce – Before the holiday season starts, make sure all your employees receive at least some basic training in cybersecurity and cyber hygiene, and create an environment where they feel comfortable coming to managers if they see any suspicious emails or files.
- Have a documented and tested incident response plan in place – Make sure your employees know what to do and who to contact if they see something suspicious, and establish clear roles and responsibilities before a serious breach happens. The incident response plan should be regularly exercised and updated.
- Create a culture of security that starts from the top – If management is committed to a culture and environment that embraces honesty, integrity, security, and ethics, employees are more likely to uphold those same values. Cybersecurity is a shared responsibility!