Once just an American tradition, Black Friday sales have quickly spread across the world as retailers attempt to take advantage of the holiday season to shift high-value stock and build on their customer base before the Christmas rush. While the Americans climb over each other to get the best deal in stores, most retailers in Europe provide their best deals through their online business throughout the period.
In the past, cybersecurity advice circulated close to Black Friday has attempted to raise customer awareness of the pitfalls of online shopping, including how to spot fake deals and how to keep private data safe when shopping online. However, as GDPR extends its arms across the continent, the responsibility for cyber safety is now firmly in the hands of business owners. Responsible retailers will need to ensure that they do their utmost to protect consumer data or risk not only official fines but major damages to their revenue and reputation.
Small businesses, in particular, will need to take extra care over the holiday period as GDPR cares little for the size of a business but is able to do major damage to smaller retailers who make cyber safety an afterthought. Furthermore, 37% of SMEs in the UK have stated that they don’t have a cybersecurity plan and 40% said they wouldn’t know who to contact in the event of a breach, showing that, despite the threat of repercussions from GDPR, many businesses still aren’t taking cyber hygiene as seriously as they should be.
As Black Friday approaches, with Christmas following closely behind, online retailers of all sizes need to know the biggest cybersecurity threats and plan how to mitigate them.
Most common issues
90% of cyber breaches are caused by human interaction. This means that your staff are your most vulnerable asset, because every staff member is capable of falling victim to outside manipulation, carelessness or deliberate insecurity. Though not every staff member needs to be a cyber expert, every person in an organisation should understand their role in data security and how to fulfil it.
Similarly, phishing is one of the most common cyber threats to a business as it uses techniques known as social engineering to manipulate staff into giving away sensitive data or authorising bogus payments. ‘Whaling’, where criminals pretend to be company executives in order to steal information or redirect payments, is a growing trend which staff often overlook. While phishing scams can sometimes be easily identified, falling victim to any kind of cyber scam can be hugely damaging to a business.
Unauthorised access to company computer systems, whether through hacking or physically taking laptops or devices, can result in breaches of both company and client data. For any company allowing employees to use their own devices for work, ensuring that all devices have the proper levels of protection, such as encryption, is vital. Losing work devices or having them stolen is something that can happen to anyone, but ensuring that data stored on these devices is not accessible to whoever ends up with them is essential to keeping it safe.
Denial of Service (DoS)
Among the most common cybercrime strategies, Denial of Service (DoS) attacks can result in lost data, work time and revenue. DoS attacks work by sending a huge number of requests to a device in order to temporarily or indefinitely incapacitate it. Depending on the severity of the attack, this can result in companies losing out on working time or needing to replace devices and losing data from the compromised machine.
Another common method of cybercrime, ransomware has caused massive amounts of damage to computer systems, most notably in healthcare, where the WannaCry virus cost the NHS in the UK thousands of pounds in cancelled appointments and lost data. Criminals hold sensitive data hostage until a ransom is paid, meaning businesses can either lose out on the ransom or the compromised data. The best strategy to avoid falling victim to ransomware is to always have robust back-up procedures for sensitive data.
Consistent, comprehensive training
As staff at any business pose such a distinct threat, comprehensive cybersecurity training is essential to ensure that everyone understands how they contribute to data security. While there is always the chance that cybercriminals will use sophisticated methods of manipulation to break into a business, most attempted attacks are fairly rudimentary and can be spotted by a trained eye.
Cybercrime is one of the most common forms of crime worldwide and almost every business will face a breach at one point or another. Cyber insurance is a useful way to protect a business from failure in the event of a GDPR fine, lost revenue or compensation being paid out to compromised customers.
The UK National Cyber Security Centre (NCSC) runs a ‘Cyber Essentials’ scheme which is ideal for small businesses to establish a cybersecurity framework to cover the basics before developing more comprehensive solutions. As October is European Cybersecurity Month, taking a look through the partner resources on the official site will also help businesses understand how to take actions against phishing and other data security basics.
The practices and methods of cybercriminals are constantly changing and, as technology rapidly advances, new ways to break into our networks are always being found. For this reason, it’s essential for businesses of all sizes to test their devices regularly and search for vulnerabilities before they become a problem. While larger businesses may be able to employ their own cybersecurity specialists, small businesses should consider outsourcing the required work to save on costs while benefiting from the much-needed expertise.
Black Friday is one of the busiest, most hectic periods of the year for shoppers and retailers alike. While consumers must do everything they can to ensure they keep their data safe while shopping, it should be a high priority for online businesses to ensure they keep their customers happy and the threat of GDPR at bay over the holidays.
This article was written by Damon Culbert from Cybersecurity Professionals, a worldwide cybersecurity job site.