Avoid Holiday and Black Friday Scams with these Cyber Security Tips

The holiday season is finally here and with it brings a multitude of sales. According to Pew Research Center, 80% of American adults are now purchasing products online. But many of these online shoppers don’t realize the potential risk involved with online scams and fraud perpetrated cybercriminals to deceive buyers.

In this blog, we provide cyber security tips both for the consumer and organizations of all sizes during this peak holiday period. 

Online Shopping Tips for Buyers

Be Cautious of Online Links: Phishing schemes deliver nearly 90% of malware and malicious actors delivered by cyber attackers. It’s important that you’re hyper-aware of Black Friday scams this season. When in doubt, don’t click on any link. But, if you’re unsure about a link, you can hover over the link and the URL should be displayed in the lower left-hand corner of your browser.

Never Purchase on Open Wi-Fi Hotspots: As an online shopper, never use public Wi-Fi when making a purchase, transaction, or checking online banking information without using a Virtual Private Network. A VPN guards your private data by using encryption and makes it much more difficult for a cybercriminal to obtain access to your device. If you don’t have a VPN application, use your cellular network when security is important in these situations.

Learn more about VPNs from our sister company, BLOCKBIT, here: https://www.blockbit.com/blog/2017/10/19/four-tips-understanding-vpns/

Use Strong Passwords on all Online Accounts: Using strong passwords are paramount to keeping cybercriminals out of your data. According to the National Institute of Standards and Technology’s (NIST) 2017 new password policy framework, you should consider using the following personal password policy:

• Dropping the crazy, complex mixture of uppercase letters, symbols, and numbers. Instead, opt for something more user-friendly but with at least eight characters and a maximum length of 64 characters.
• Don’t use the same password twice.
• The password should contain at least one lowercase letter, one uppercase letter, one number, and four symbols but not the following &%#@_.
• Choose something that is easy to remember and never leave a password hint out in the open or make it publicly available for hackers to see
• Reset your password when you forget it. But, change it once per year as a general refresh.

Make sure you have and update your anti-virus: Your devices should always be equipped with anti-virus (AV) protection software. AV software is just one defense against fighting malicious attacks. AV software uses a database of known malware and malware and other malicious viruses from entering your device and compromising your data. Always use or purchase an AV solution from trusted vendors and only run one AV tool on your device.

Check the website you’re buying from: When you’re shopping online, make sure that the business is using an encrypted HTTP or HTTPS connection. Every URL on the website should start with https:// and signifies that the store has taken extra measures to secure its financial transactions. This is a great way to avoid Black Friday scams and imposter phishing websites. 

Monitor your online accounts and credit reports regularly: During and after this holiday season of purchasing, you may want to monitor your online accounts and credit reports to see any inconsistencies. As we saw from the Equifax breach, it’s very important for consumers to protect their online accounts and monitor credit reports for any changes in activity. You may also want to consider a credit freeze for added protection during this season.

Holiday Security Tips for Companies and Employees

Monitor Your Security Events Closely: If your organization or your Managed Security Services Provider is focused on threat hunting, you or the provider will need to closely monitor, analyze, and investigate malicious code and callbacks, both attempted and successful security incidents on your network. Use these incidents as opportunities to gain insights into this fast-paced season of cyber attacks. A 24×7 Security Operations Center should use threat monitoring capabilities to understand how threats operate before they even hit your network.

You may also want to read: 10 Benefits of Using an MSSP This Season 

Be Hyper Aware of Phishing Attempts: As you can see from the Figure below, phishing attempts are the number one cause of security breaches for an organization. Arm your organization with Next-Gen Anti-Virus to protect your endpoints against zero-day exploits and infected endpoints from further corrupting your network. A Next-Gen AV solution can help drastically mitigate against ransomware threats that are delivered through phishing attempts to your employees.

Consider a Quick Vulnerability Scan: If you currently have a Vulnerability and Compliance Management (VCM) tool you can run a quick scan to identify the gaps and security misconfigurations within your network. During this peak holiday period, a quality VCM tool can continuously keep an eye on your security infrastructure and assets to ensure that vulnerabilities are not going to compromise your business operations significantly. A VCM tool will significantly reduce your overall risk during this critical period.

Check out BLOCKBIT’s rich feature set within VCM here: https://www.blockbit.com/advanced-vulnerability-management-vcm/

Train and Educate Your Staff: Employees may be shopping on company equipment which may not be allowed by your security and internet usage policy. Make sure you are conducting regular security training so that all employees know about your security policies and are familiar with the most common cybersecurity risks. If you can train and educate your employees about the pitfalls and indicators to look for in a “phishy” looking email, your organization will be well served.

The more your employees know about security best practices, the more empowered they are to protect your business. – Click to Tweet

This holiday shopping season might seem like a bad dream for you personally or to your security operations. But, when you implement some of these security best practices above you will be in a much better place to enjoy the time with family and friends. Are you looking for more information security best practices? Check out our latest eBook on the Essential Cyber Security Tips for Businesses below.

Did you enjoy this blog article? Comment below with your feedback.