Black Friday is nearly upon us. Cue endless headlines about e-commerce retailers recording their ‘best day ever’ (since last year) and photographs of monstrous queues outside department stores.
In amongst the frenzy of articles titled things like ‘10 of the best deals on electricals this Black Friday,’ you’re also bound to find a few on safety- how to stay physically safe during the hustle and bustle or how-to’s for shopping securely online.
However, what you won’t find is much guidance for small businesses. Black Friday brings with it a heightened risk of cyberattack, particularly in an environment when many SMEs are working remotely. So, to help you get your business through this year unscathed, we’ve put together a brief overview of the risks and some suggestions on how to avoid them.
What cybersecurity risks does Black Friday present?
Black Friday is a veritable all-you-can-eat buffet for cybercriminals. Millions of online shoppers, in a rush to grab that must-have deal, often means widespread carelessness on a scale that simply doesn’t happen any other day of the year – with the exception of China’s Single’s Day.
Hackers look to exploit consumers temporarily taking leave of their better instincts in a number of ways. Let’s take a look at some of them.
Phishing scams
Phishing scams are a year-round problem. We’ve all had a fake email from a major retailer that’s almost a carbon copy of the real thing but for the slightly misaligned logo, weird syntax or font that just doesn’t look quite right.
However, during a major retail event like Black Friday, the chances of a successful scam go up. If you’re desperately trying to get a killer deal for a new TV and an email comes through telling you that you’re billing information needs updating, you’re much less likely to spot a fake.
You’re probably in a bit of a rush, never the best frame of mind for considered judgements. What’s more, if you’re already shopping, a fake email claiming to relate to what you’re doing online might not set off the alarm bells it normally would.
Old apps
Again, this is a problem 365 days of the year. But a major retail event provides the perfect cover for cybercriminals to test out the vulnerabilities of popular software and applications for two reasons. One, technical teams’ attention tends to be focused on ensuring apps can handle the sudden surge in demand rather than security. And, two, because many consumers will suddenly be using apps they haven’t used or updated in months – giving cybercriminals an easy route in.
Is your business considering switching to remote working permanently? Don't make a decision before reading our new guide, Cyber Safety in a New Era of Work.
Fake websites
Much like phishing scams, Black Friday usually comes hand-in-hand with a glut of fake websites claiming to sell this years’ must-haves at bargain-basement rates. Most of these sites are simply fronts for hackers to acquire data or launch attacks on unsuspecting consumers.
Public networks
This is unlikely to be a problem at your workplace. But you’d be surprised how often people pop to the local coffee shop for lunch and log into an unsecured public WiFi network on a company device. And this is all the more likely on Black Friday as people check out the latest offers during their lunch hour.
The problem is this gives cybercriminals an unbelievably simple way to hack into any unsecured devices on the network. Once in, they’ll be able to get to any company assets accessible from that device.
Weak passwords
We’re often banging the drum about the importance of strong passwords. And although it’s vital all the time, it’s particularly so during an event like Black Friday. With so much traffic on popular sites, it’s the perfect time for cybercriminals to try out large-scale brute-force attacks.
How does this affect SMEs?
You could be forgiven for wondering what the risks we’ve outlined have to do with your business? After all, aren’t they all related to consumers?
Unfortunately, that’s just the problem. We’re all consumers. And your business is made up of them. Whether it’s on their lunch break or in a spare 15 mins before meetings, it’s highly probable that at least some of your people are going to spend time buying or browsing this Black Friday. This could open up your business to some of the risks we’ve run through so far.
If, like most companies, your staff are working from home the risks are even higher. As research from ZDNET reveals, 52% of employees believe they can get away with riskier behaviour when working from home. This includes activities like browsing suspect websites and using public networks.
How can you protect your business?
So what can you do about it? With Black Friday just a few days away, here are a few quick tips for keeping your business safe.
Educate your people
Most risky cyber behaviour stems more often from ignorance or carelessness than malicious intent. So educate your people about the risks we’ve covered in this piece. It doesn’t have to be more than a quick all-company email later this week.
Ensure everyone has the right security
Check that all corporate-owned or managed devices have the latest security capabilities correctly set up. With many people working from home, ensure the same practices you’d insist on in the office are being used everywhere.
Practice good password hygiene
All your employees should be using complex passwords and two-factor authentication, as well as changing passwords regularly. So, set up a password policy with these requirements and ensure everyone follows it.
Run the latest versions of all software
Ensure everyone is regularly installing updates and patches for the software on their devices. You can read more about the importance of patching and updates here.
Encourage staff to shop on personal devices
It might not sound like much, but limiting the number of sites your people visit using company devices can minimise the risk of attack. So by all means let your employees shop ‘til they drop, but keep it to personal devices.
Secure your network gateways
It’s easy to forget about WiFi itself when thinking about cybersecurity, but it’s a crucial part of good cyber hygiene. Changing the default settings and passwords on home routers can help reduce the likelihood of staff being attacked and, in turn, reduce the risk of a breach for your business.
‘Black Friday’ always sounds a bit like an economic disaster or tragedy. And, in cybersecurity terms, it certainly has the potential to cause problems. However, by following the guidance we’ve provided, you should have everything you need to ensure this year passes without a hitch.
Want to know more about how to reduce the risks involved with remote working? Then download our new guide, Cyber Safety in a New Era of Work.