Protecting Your Business from Cyber Monday Scammers

Black Friday and Cyber Monday deals attract millions of shoppers nationwide. These newly-coined holidays have made customers, and the sites they shop on, prime targets for cybercriminals who create scams that lure unsuspecting victims. So understandably, we hear a lot about how consumers can protect themselves this time of year.

But ultimately it’s up to the business to safeguard the customers who use their sites. For companies today, the threat of “shoplifting” is seemingly no longer physical — it’s a cyber threat that businesses must now be cautious of, which is why it’s just as important, if not more, for companies to protect themselves from these scams.

Hopefully, if you’re a retailer or business with an e-commerce site, your network is well protected and Cyber Monday is just another day to you. But in case it isn’t, here are some simple tips that you as a company can benefit from as we approach the holiday season:

Train employees.

There are many factors that contribute to cyber breaches — human error being one of the biggest. Make sure you are training your employees on cybersecurity policies and practices. An unsuspecting employee who clicks on a seemingly authentic URL or email could be the breaking point. And this goes for executives and boards of directors, too. Make sure higher-profile employees who might have a higher risk of being targeted by hackers have the same training, if not more. The bottom line is to ensure your workforce has the tools and knowledge to recognize suspicious threats and prevent a serious data breach that would allow cybercriminals to enter your system.

Require users to create strong passwords.

80% of attacks are initiated using stolen passwords, which is why we’ve seen a shift in the way that passwords are managed. For example, the National Institute of Standards and Technology (NIST) just finalized new draft guidelines, substantially revising password security recommendations and upending many of the standards and best practices that security professionals use when forming policies for their companies. Under the new NIST 800-63B parameters, passwords can be up to 64 characters, and can even include emojis and other characters, such as ASCII and Unicode. Make sure your site requires consumers to create unique, strong passwords with special characters, numbers and a combination of case-sensitive letters.

Check passwords against those exposed in data breaches.

NIST Publication 800-63B also recommends checking that passwords being set or reset have not already been exposed in a prior breach. Hackers know that people use the same password across multiple accounts, and they use passwords found in one breach to take over other accounts the user may have. Add a password check and don’t allow a user to reuse a password that has already been exposed.
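The check described in the two password sections above, as an added example that is not part of the original article: a set/reset handler that normalizes Unicode input, enforces length by code point (so an emoji counts as one character), and rejects any password found in a breach corpus. The 8-character minimum, the sample breached list and all function names are assumptions made for illustration.

```python
import hashlib
import unicodedata

MIN_LEN, MAX_LEN = 8, 64  # 64 is the figure the article cites; 8 is an assumed minimum

# Constructed sample standing in for a real breach corpus.
_SAMPLE_BREACHED = ["password", "123456", "qwerty123", "letmein", "Passw0rd!"]


def _sha1_hex(password):
    # NFKC-normalize so visually identical Unicode input hashes identically.
    # SHA-1 is only a lookup key into the corpus here, never a storage hash.
    normalized = unicodedata.normalize("NFKC", password)
    return hashlib.sha1(normalized.encode("utf-8")).hexdigest().upper()


def build_index(passwords):
    """Bucket hashes by 5-character prefix -> set of remaining suffixes."""
    index = {}
    for pw in passwords:
        digest = _sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


BREACH_INDEX = build_index(_SAMPLE_BREACHED)


def is_breached(password, index=BREACH_INDEX):
    digest = _sha1_hex(password)
    return digest[5:] in index.get(digest[:5], set())


def check_new_password(password, index=BREACH_INDEX):
    """Return (accepted, reason) for a password being set or reset."""
    normalized = unicodedata.normalize("NFKC", password)
    length = len(normalized)  # code points, so one emoji counts as 1
    if length < MIN_LEN:
        return False, "too_short"
    if length > MAX_LEN:
        return False, "too_long"
    if is_breached(password, index):
        return False, "breached"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["Passw0rd!", "short", "correct horse 🔋 staple"]:
        print(repr(candidate), check_new_password(candidate))
```

Note that "Passw0rd!" satisfies a typical special-character, number and mixed-case rule and is still rejected, which is the reason to run the breach check in addition to composition rules.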

Make sure your site is secure.

It may seem like an obvious tip, but many sites aren’t secure. Urge shoppers to use reputable sites, be careful of pop-ups and make sure that online payments are made only at “HTTPS” sites. This will ensure that the data transferred between the web browser and the website is encrypted and limit a hacker’s ability to monitor your data.

Install the latest and greatest technologies.

Make sure you have strong cybersecurity programs installed to keep the hackers out. And if they do get in, make sure you have tools in place that track activity on the network so that investigative forensics teams can monitor the vulnerability and eliminate the threat if the system is hacked. Furthermore, make sure you have installed the latest patches on your payment systems to ensure you’re protected from cyber criminals trying to breach the system. Likewise, make sure your hosting provider periodically installs patches on the systems and/or web applications.

Check your security protections (and then check again).

The cybersecurity measures in place will only help if they are working as they should. Leading up to Cyber Monday, companies with retail websites should double check security arrangements to make sure their cybersecurity safeguards are installed properly and configured correctly.

Monitor.

Make sure you are monitoring for breached data so that if you are hacked, you know before others do and can alert customers if their information has been compromised. Consumers are much more forgiving when they’re directly notified by you, rather than another company or through the media. Scanning the surface, social and deep and dark web for stolen, leaked or lost login credentials and other information will allow you to track when credentials first appear on the dark web to guard against the theft of identities, information and money before it happens.

The bottom line is that there is no bulletproof way to protect your system. Hackers today are more sophisticated than ever and can penetrate even the most secure networks. But following the steps above will help ensure your company is better suited to stop these cyber attackers. The key is to plan early, check and double check your network security tools, and if something does go wrong, act immediately to take steps to monitor and manage lost data.