There is no escaping it: Black Friday and Cyber Monday are coming. Officially, Black Friday is November 26 this year, followed by Cyber Monday on November 29, but promotions and announcements have already been in full swing for weeks.
Even if you don’t want to, it’s difficult as a customer and as a company not to participate in the Black Friday and Cyber Monday rush.
How do you navigate your company, your digital services (e.g., e-commerce website), your employees, and your customers through these commercial heydays? Here are some tips to stay one step ahead of hackers and empower employees.
Stay one step ahead
What’s the difference between Black Friday and Cyber Monday? Black Friday kicks off the Christmas buying season with huge discounts and bargains in physical shops and online, whereas Cyber Monday focuses more on e-commerce deals. This period therefore brings heavy online traffic, countless financial transactions, and a high load on your digital services. We share some strategies to prepare your organization for high-load commercial periods:
- Empower your customers. Hackers often abuse company names to phish for (banking, payment, ID, …) data. Use your communication channels to share what kind of information your customers and the users of your digital services can expect from your company (and what not). Let them know how to contact you if they encounter suspicious communication on behalf of your company.
- Get rid of lookalike domains. Hackers register domain names similar to those of well-known companies to lure customers to rogue websites or to use them in phishing campaigns. Gain visibility into new and existing domain registrations that can be linked to your business to proactively identify lookalike domains. You can monitor this with a DNS subscription or Brand Reputation services.
- Activate extended validation and verify your website with SSL (Secure Sockets Layer) certification. SSL encrypts the communication between the browser and the web server to secure the exchanged data. SSL-certified websites are identified by the https prefix and are validated by most of the commonly used search engines. SSL certificates create a secure environment for your website visitors by encrypting data traffic. This prevents data such as personal data and credit card information from falling into the wrong hands.
- Data = intelligence. A SIEM can help you identify employees who have fallen victim to Black Friday phishing techniques. For example, alert on or hunt for spikes in (blocked) incoming emails with subjects relevant to Black Friday.
- Last but not least, make sure your antivirus is always up to date with the latest updates.
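As an added illustration of the lookalike-domain tip above (example code, not from the original article or any vendor service), this sketch triages a feed of newly registered domains against a brand name. The brand `examplestore`, its own domain, the character-swap map and the feed entries are all constructed assumptions.

```python
import unicodedata

# Assumptions (constructed for illustration): brand label and own domain.
BRAND = "examplestore"
OWN_DOMAINS = {"examplestore.com"}
# Small illustrative map of digit-for-letter swaps seen in lookalike names.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize(label):
    """Lower-case, strip accents and hyphens, undo simple character swaps."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return plain.replace("-", "").translate(SWAPS).replace("rn", "m")


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(domain, brand=BRAND):
    """Return why a newly seen domain resembles the brand, or None."""
    domain = domain.lower().rstrip(".")
    if domain in OWN_DOMAINS:
        return None
    name, target = normalize(domain.split(".")[0]), normalize(brand)
    if name == target:
        return "same-name"       # character swap, or the brand under another TLD
    if target in name:
        return "brand-embedded"  # brand plus an extra word such as "deals"
    if edit_distance(name, target) <= 2:
        return "near-miss"       # typo-style variant
    return None


# Constructed sample of newly registered domains (not real observations).
FEED = ["examplestore.com", "examp1estore.com", "examplestore-deals.shop",
        "exmaplestore.net", "examplestóre.org", "gardentools.org"]

if __name__ == "__main__":
    for d in FEED:
        print(d, "->", lookalike_reason(d))
```

Flagged names are candidates for review and takedown requests; the two-edit threshold is a starting point and needs tuning for short brand names.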
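The SIEM tip above, sketched as an added example (not from the original article and not tied to any SIEM product): count blocked mails with campaign-themed subjects per hour and flag hours that stand well above the preceding baseline. The `timestamp|action|subject` log layout, the keyword list, the thresholds and the sample events are constructed assumptions.

```python
import re
from collections import Counter
from statistics import median

# Assumptions (constructed): keyword list and "timestamp|action|subject" layout.
KEYWORDS = re.compile(r"black\s*friday|cyber\s*monday", re.IGNORECASE)


def hourly_counts(lines):
    """Count blocked, campaign-themed mails per hour (YYYY-MM-DDTHH)."""
    counts = Counter()
    for line in lines:
        ts, action, subject = line.split("|", 2)
        if action == "blocked" and KEYWORDS.search(subject):
            counts[ts[:13]] += 1
    return counts


def find_spikes(counts, factor=3, floor=5, min_history=3):
    """Flag hours whose count is at least `factor` x the median of earlier hours."""
    hours, spikes = sorted(counts), []  # hours without any hit are not in counts
    for i, hour in enumerate(hours):
        history = [counts[h] for h in hours[:i]]
        if len(history) < min_history:
            continue  # not enough baseline yet
        if counts[hour] >= max(floor, factor * median(history)):
            spikes.append(hour)
    return spikes


# Constructed sample: hour -> number of blocked Black Friday themed mails.
PROFILE = {"2021-11-25T08": 2, "2021-11-25T09": 1, "2021-11-25T10": 3,
           "2021-11-25T11": 2, "2021-11-25T12": 14, "2021-11-25T13": 2}
SAMPLE_LOG = [f"{hour}:{i:02d}|blocked|BLACK FRIDAY -70% today only"
              for hour, n in PROFILE.items() for i in range(n)]
# Noise that must not count: a delivered internal mail and an unrelated block.
SAMPLE_LOG += ["2021-11-25T12:30|delivered|Black Friday rota for the warehouse",
               "2021-11-25T12:31|blocked|Invoice overdue"]

if __name__ == "__main__":
    print(find_spikes(hourly_counts(SAMPLE_LOG)))
```

The `floor` parameter keeps quiet mailboxes from alerting on a jump from one to three messages.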
Empower your employees
Hackers focus their efforts on people all year round, not only during commercial periods like Black Friday and Cyber Monday. Here are ten tips to empower your employees and raise security awareness.
- If something looks too good to be true, it probably is. Is an offer realistic? If not, be extra vigilant. It could potentially be bait for fraudulent activity.
- Always use strong and complex passwords. Make sure they are long enough, unique, and have different characters. A strong password is an important barrier preventing your online accounts from being hacked. Never reuse passwords across sites! Don’t worry about remembering all those different and complex passwords; a password manager can be of great help with this.
- Where possible, activate two-factor authentication on the websites you use and social media channels.
- Avoid using public Wi-Fi networks; hackers can view and intercept the information or banking details you share.
- Email phishing is one of the favorites of hackers and is very effective. Check the sender, hover over links/banners before clicking, and never share personal information unless you are 100% sure of the source. When in doubt, check in person or go directly to a website (rather than clicking the email link). Checking is never a bad idea.
- Cyber fraud doesn’t only happen via email; hackers have found their way into WhatsApp, SMS (smishing), and other communication channels. Be careful if you get commercial offers or significant discounts via those channels.
- Check your bank statements regularly to confirm that your banking activity is as expected.
- Keep track of your digital footprint. Be aware of the information you share (and don’t share).
- Train your employees in security awareness to raise the barrier to malicious attempts. Also, share information about what to do if they encounter something suspicious, such as an internal abuse@ mail address. Take a look at SafeOnWeb to discover more information on end-user awareness.
- Sometimes it’s (just) too late. When you realize you’ve been trapped, there are some steps you can take. We list some important ones, depending on the situation. Call Card Stop to block your bank card and contact your bank as soon as possible. To prevent further misuse of your account, contact your IT support to block or reset your account.
Whether you join in the commercial madness or not, these tips and tricks can be used and implemented all year round to protect your business, customers, and employees. Because above all, being prepared and aware is an important step to outsmart hackers. So, now that the Christmas shopping season has officially started, we hope you enjoy a safe and excellent shopping experience for yourself and your customers!
If you would like to continue the conversation about security awareness or share your ideas or challenges, do not hesitate to contact our team of Security and Service Intelligence experts.