How to Protect Businesses From Holiday Season Cyber Scams

During the Black Friday and Cyber Monday sales this year, Brits plan to spend an estimated £3 billion, with over half of UK adults (51%) planning to splash the cash over the holiday weekend. But it’s not just a lucrative time of year for businesses. Cybercriminals also look to take advantage of the increased traffic and high volume sales.  Fortunately, Keeper Security has provided cybersecurity best practices for small businesses to help protect sensitive systems and valuable customer data during the biggest shopping week of the year.

Cybercriminals utilise a range of tactics to gain access to an organisation’s systems and valuable data during this hectic time, which can include phishing attacks, ransomware, malware, business email compromise and more. Preparing for and actively defending against cyber threats is essential to maintain the security of customer data and transactions during the holiday shopping season and year-round. Retailers should implement a multi-layered approach to cybersecurity, including the following:

Employee Training is Key – As per the findings in Verizon’s Data Breach Report, 74% of security breaches are attributed to human factors, such as susceptibility to social engineering, compromised credentials, or inadvertent mistakes—such as misplacing passwords. Integrating cybersecurity training into the onboarding process is crucial, and regular phishing tests and supplementary training sessions should be implemented to keep employees informed about the latest threats.

Secure Sensitive Systems-Safeguard your payment processing by utilising reputable tools and isolating payment systems. Enforce privileged access management to secure and oversee access to critical systems like payroll and IT. Apply the principle of least privilege to ensure that employees only have access to the specific systems and accounts necessary for their job responsibilities. Establish an intrusion detection and prevention system to actively monitor for any signs of suspicious activity and potential threats. These measures collectively enhance the security posture of your payment processing infrastructure.

Protect Customer Data- Establish a routine for data backups and manage data access by assigning administrators and monitoring user permissions. Evaluate and refine your current data collection practices and policies to gain a comprehensive understanding of the user information your organisation gathers. Eliminate any redundant or unnecessary data, commonly referred to as dark data. If a specific piece of customer information is not essential for your company’s operations, refrain from collecting it to enhance data privacy and security.

Regularly Update Software-Maintain the security of all systems and software, including Point of Sale (POS) terminals and e-commerce platforms, by consistently updating them with the latest security patches. Deploy antivirus software and ensure it undergoes regular updates to guard against emerging threats. This proactive approach helps protect against known vulnerabilities and ensures a robust defence mechanism for your systems, reducing the risk of security breaches.

Consider Using Enterprise Password Managers –The most significant threat to a retailer’s cybersecurity often stems from weak and compromised passwords. To address this vulnerability, it is crucial to provide IT administrators with insights into employee password practices and empower them to enforce robust password security policies. This includes advocating for the use of strong, unique passwords and implementing multi-factor authentication (MFA). Additionally, the adoption of an enterprise password manager proves invaluable by thwarting attempts where employees might inadvertently enter their credentials on phishing sites, thus bolstering overall cybersecurity measures.

Secure Your WiFi Network-Enhance the security of your network by employing a robust password, ideally consisting of a minimum of 16 characters with a randomized combination of letters, numbers, and special characters. Verify that encryption is enabled by updating the settings in your Internet Service Provider (ISP) administration panel if it’s not already activated. Most routers come equipped with built-in firewalls, so it’s essential to ensure that this feature is enabled for an additional layer of protection. For remote workers accessing the network from outside the office, implement a Virtual Private Network (VPN) to establish a secure and encrypted connection, safeguarding sensitive data during transmission.

By taking these steps, retailers and small businesses can bolster their cybersecurity posture and better protect their systems and data during the high-stress period of Black Friday and Cyber Monday.

You can read more tips from experts accross the industry here.