Cyber Threats Don’t Take a Vacation

Tis the season to be jolly! This time of year is filled with holiday cheer, the spirit of giving and purchasing gifts for loved ones and friends.

Traditionally people would rush to their local retail stores and malls to purchase their gifts. However, purchasing gifts online has been steadily increasing over the last several years. Just last year in 2019, 14.1% of global retail sales were ecommerce purchases and that number is expected to climb to 22% by 2023. So far in 2020 during the first 10 days of the holiday season, U.S. consumers spent $21.7 billion dollars online – a 21% year-over-year increase, according to Adobe Analytics.

This double digit growth in ecommerce spending should come as no surprise, given that large ecommerce companies like Shopify have shared data that show 52% of buyers have shifted more of their spending online compared to earlier this year. While ecommerce spending has been trending upward for the last several years, the COVID-19 pandemic has impacted buyer behaviors and more people are making their holiday purchases online in 2020 to avoid crowded retail stores.

Industry analysts are not the only ones that are recognizing this dramatic rise in ecommerce activity…cyber criminals are as well, and they’re looking to capitalize on the increased holiday traffic on ecommerce buying channels. In 2019, cybersecurity company Kaspersky reported that cyber-attacks directed at holiday shoppers were up 15% from the previous year. That trend is likely to continue into this year and possibly increase from 2019. The FBI even released a press release on November 17^th this year, providing a warning to online shoppers to beware of scams which can lead to credit card and identity theft.

You may be asking yourself, “Do cyber threats from consumer online shopping impact my business?” Answer – Absolutely.

With many businesses transitioning to a remote workforce in 2020, surveys show that up to 56% of remote employees use personal devices for work. If an employee’s personal computer is hacked while shopping online and it contains business data or applications, those business workloads can be stolen or compromised…along with their personal data.

While most businesses have a policy that work-issued PCs are not to be utilized for personal usage, the truth is that there will be employees that use their work PCs for casual web browsing, checking personal emails and even online shopping. Like the scenario with a personal device, the results for a business can be devastating if a work PC is hacked due to online shopping threats.

With the increase in cyber threats and online shopping during the holiday season, it’s best to take proactive measures to ensure that your employees know security best practices and are protected from cyber-attacks.

Here are some helpful tips to protect your employees and business from online shopping related cyber threats:

Communicate (or create) Your Work Device Policy

This time of year is the perfect time to send a companywide communication gently reinforcing your company’s Work Device Policy. Your policy should include language about not using work-issued devices for personal usage. It can be helpful to list examples, including online shopping.

If you don’t have a Work Device Policy, you can always create one. If you’re a smaller company and don’t have the resources or desire to create a formal policy, sending an email to your employees can possibly suffice and be a good reminder of responsible usage with a work-issued device.

Provide Your Employees with Online Shopping “Security Tips”

Most cyber security best practices for everyday work tasks are applicable to online shopping as well. This includes practices such as not clicking links or attachments on emails from unknown senders, and not visiting unfamiliar websites and submitting sensitive information.

The FBI Holiday Online Shopping press release (mentioned earlier in this blog) gives helpful tips for online shoppers to avoid online shopping scams. The FBI tips include:

• Avoid suspicious sites, phishing emails, or ads offering items at unrealistic discounts
• Make sure a site is secure and reputable before providing your credit card number
• Beware of social media posts that appear to offer special vouchers or gift cards
• Secure your banking and credit accounts with strong passwords

Another helpful tip: DO NOT save credit card information on a website. It may be convenient, but it makes it easier for cyber criminals to steal your credit card information.

Implement Cyber Security Solutions for Your Business

Even with employees being conscious of their activity online and when reviewing emails, people inevitably get hacked…it’s not a matter of “if” for a business, but “when” and “are you prepared?” Simply having anti-virus software is not enough and doesn’t protect your employees from various tactics cyber criminals will use to exploit security vulnerabilities.

Having password enhancing services, like Multi-Factor Authentication (MFA), can help prevent security breaches of your business-critical applications and data. In addition to MFA, Cybersecurity Monitoring Services are your best defense against security threats and will provide your business with threat evaluation, detection and prevention at every level.

Beyond these two options, maximizing your business’ cybersecurity protection requires a holistic approach to your IT environment.  At NexusTek, we can help you identify your cyber security vulnerabilities and design a cybersecurity solution that will protect your business. Our Cybersecurity Services implement the latest technology and industry best practices to keep your business safe and operational.