KnowBe4 APAC security awareness advocate Jacqueline Jayne details how retailers can keep their customers and businesses safe online during the holiday shopping period.
The run up to Christmas is the biggest spending season of the year.
Criminals know that consumers will be looking for deals and will be receiving more packages than at any other time of the year.
These criminals use this to trick people into making purchases on shady websites and falling for phishing emails that focus on missed deliveries and cancelled orders.
Criminals use phishing emails to get consumers to log in to fake websites that look like Amazon or other major retailers, then steal the username and password to log in to the account and make purchases with the credit cards previously linked to it.
These fraudulent purchases can use up available credit or get cards locked down for fraud, keeping consumers from doing the shopping they need to get done.
In addition, the hassle and stress of dealing with stolen credit card information or fraudulent purchases is not something anyone needs to be dealing with during the holidays.
Retailers need to make sure they're securing their communications and supply chain, both with third-party vendors and within their own infrastructure.
Organisations should enable multi-factor authentication for sensitive systems to prevent unauthorised access and protect their important data, assets and accounts.
McAfee’s July Quarterly Threats Report found that attacks targeting the retail industry have steadily increased by 15% in the first quarter of 2020.
As a result of COVID-19 restrictions, more people than ever will be turning to online shopping, which will become a desirable target for cybercriminals across the globe.
Many retailers would be thrilled just to be in business and looking forward to a big holiday season, and they are probably not cyber-ready.
Credit card data is a form of currency for cybercriminals and retailers have a lot of it.
POS (Point of Sale) systems are a point of attack to obtain credit card details and personal identification numbers (PINs).
In these instances, malware (malicious software) is installed on the POS which will record everything.
Most malware will find its way onto a POS via email: an employee unintentionally engages with a phishing email (malicious email), which results in the deployment of the malware.
Another form of malware to be aware of is a Denial of Service (DoS) attack, which is designed to disrupt.
What happens here is that the network is flooded with requests that the servers are unable to deal with, resulting in an application or website not functioning.
Then there’s ransomware, another form of malware. As the name suggests, once this malicious software has been deployed, systems are shut down and a ransom is demanded.
Disgruntled or casual employees looking to make extra money or cause disruption need to be considered as well.
These are known as ‘insider threats’ and are becoming increasingly common.
It’s important to note that phishing accounts for 90% of successful cyber attacks, so your employees need to be aware of the red flags to look for.
Should a retailer become the victim of a successful cyberattack, the results can be catastrophic.
These include loss of reputation, financial impact, brand damage, loss of trust and even having to close the doors.
This is nothing to laugh at.
This is serious business for the cybercriminals and protecting your systems, customers and even vendors must be a priority.
What can retailers do to stay safe?
1. Patch all software and check that your networks are safe from vulnerabilities.
2. Communicate with vendors and ask them what they have in place for cybersecurity.
3. Take employees through security awareness training to avoid falling for scams and social engineering attacks in both their personal and professional lives.
4. Educate your customers on what to look out for to avoid being scammed. All online retailers should have a page on their website dedicated to communicating with their customers on any scams that have been reported.
5. Use social media to keep customers up to date with scams; it can also be used as a platform to educate on staying safe online.
6. Educate customers who come into your physical stores on staying safe online and shopping safely.