Don’t discount your Cybersecurity this Black Friday and Cyber Monday

The traditional shopping experience has changed drastically over the last few years due to the Covid-19 Pandemic. Most businesses have been digitizing an increasing number of their processes and are relying on online channels to connect with their customers more than ever before. 

Black Friday used to be just that, a single (Fri)day. Nowadays, for an increasing number of retailers, it has become a week where they present their best deals to customers, and is often seen as the beginning of the festive shopping season.

A recent consumer research report published by PwC revealed that during Black Friday and Cyber Monday, 37% of consumers were interested and may buy (up 2% from 2021), whilst 24% of consumers stated they will definitely buy – matching 2021 levels. Although the cost-of-living crisis will have an impact, demand is still higher than 2020 levels where only 16% of consumers planned to purchase in the Black Friday period.

With most retailers viewing online as a key channel for their Christmas sales ramp-up, we’ve put together a few, easy-to-implement recommendations that will help keep the surge of online shoppers safe from cybercriminals.

1. Enforce Two-Factor Authentication (2FA)

Most software solutions allow you to implement Two-Factor Authentication in their login procedure. They also allow you to implement and enforce it at an administrator level so that all users are protected. This ensures that, in the event that a user’s password is compromised, third parties won’t be able to access a company’s systems and data.

2. Keep your systems up to date

Although a fairly well-known topic, with the pervasive threat of new cyberattacks, it’s vital to keep systems updated. Most systems can either be updated remotely or set so that updates are automatically installed as soon as they become available.

3. Beware of attachments 

Communications with customers and suppliers are at risk of impersonation by third parties, who can include many different types of malware within emails. Make sure you consider if the email is expected and if you know who the sender is. Attachments with unknown extensions should be treated carefully and if in doubt, you should always report it to your IT/Security teams.

4. Follow Procedures and implement anti-phishing training

An increased number of emails appearing in customers’ inboxes during the holiday season can make it difficult to spot phishing attempts from cybercriminals who look to take advantage of this surge in transactions. Skipping a critical verification can be the open door that a cybercriminal may be waiting for. Make sure employees know and implement all company procedures.

Training can further help with the practical implementation of your procedures and raise awareness about the risks that attachments can pose. Having a thorough understanding of both company procedures and how to interact with suspicious emails will help lower the risk of cyberattacks. 

5. Monitor your DMARC Reports

DMARC is an email authentication protocol that blocks email impersonation, allowing you to see the volume of illegitimate traffic sent from your domain. It’s recommended that you keep an eye on your DMARC reports on a regular basis. If a cybercriminal is trying to use your domain to send illegitimate emails, DMARC will alert you to this. Additionally, you can see if any of your email-sending services go out of configuration, which will negatively impact your email deliverability.

6. Be careful when processing supplier’s emails

Email authentication protocols like DMARC are well known to a number of companies and are recommended by several organizations such as NCSC. A number of companies have already implemented DMARC to protect their domain and stop email impersonation. However, there are still a vast number of companies that haven’t yet deployed DMARC so every email from your supplier needs to be checked carefully. 

The fact that the email has a “from address” from your supplier doesn’t guarantee that it comes from them.

Anti-phishing solutions can help to spot a number of these emails but be aware that their rules-based approach is subject to change and won’t necessarily capture all possible scenarios. Employees should look out for changes to bank accounts and delivery addresses and if ever in doubt, check with your IT/Security teams about how to follow the company procedures. 

7. Investigate every report from your employees 

In many cases, an email with simply no text or apparently inconspicuous text could be the preamble for a bigger cyberattack. Cybercriminals may be phishing for information in what appears to be an innocent email e.g. trying to get an auto-reply from an employee to find out when they’re on holiday. It’s always better to raise the alarm and be wrong, than not to do anything and put yourselves or the company at risk. 

Technology provides opportunities for businesses to not only improve and automate their operations but also communicate more effectively with their customers. As digital transformation continues to progress, it’s important we keep security top of mind and not an afterthought. If you build a digital “entrance” to your shop, make sure you apply a digital “lock” to keep your company and your customers safe.

Red Sift’s Digital Resilience Platform solves for the greatest vulnerabilities across your complete attack surface, and email is a key part of this. If you’re looking to improve your email security or would like to discuss ways in which we can help improve the cybersecurity of your business, get in touch with our team.

PUBLISHED BY

Red Sift

22 Nov. 2022

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
BEC

The threat of Business Email Compromise in US healthcare

Jack Lilley

Executive summary: Business Email Compromise is siphoning billions from U.S. healthcare by exploiting human trust instead of software flaws. Spoofed or hijacked messages authorize fraudulent payments, spark ransomware, and expose patient data—causing crippling financial, operational, and compliance damage. Deploying DMARC, MFA, and rigorous multi-person payment checks is now critical. 3 key takeaways Business Email…

Read more
Email

Cloudflare selects Red Sift as a preferred partner to provide DMARC and…

Rebecca Warren

AI-generated email attacks are rapidly growing in scale and sophistication, demanding stronger defenses from at-risk organizations. Starting today, Red Sift is excited to announce a new strategic partnership with Cloudflare, the leading connectivity cloud company, to deliver its market-leading email security application, Red Sift OnDMARC, to a broader global audience.  Today’s alignment enhances Cloudflare’s…

Read more
Cybersecurity

New Zealand moves to mandate DMARC enforcement

Jack Lilley

Executive summary: New Zealand’s Secure Government Email Framework mandates DMARC at p=reject—plus hard-fail SPF, universal DKIM, enforced MTA-STS, and TLS-RPT—by October 2025. The rules replace SEEMail, curb soaring phishing losses, and will affect every organization that emails the public sector. Key takeaways: The New Zealand Government has recently published the Secure Government Email (SGE) Common…

Read more
BEC

DMARC: The best ROI for your organization

Jack Lilley

Executive summary: Implementing DMARC delivers one of the clearest, fastest returns on investment in email security. By authenticating outgoing mail and blocking spoofed messages, DMARC cuts the direct costs of phishing and Business Email Compromise, safeguards brand reputation, and boosts deliverability—ultimately driving revenue and trimming operational workload. Key takeaways: Email is a critical communication tool for…

Read more