This year has been very different from any other and shopping has not been exempt from the tides of change. Most businesses have been digitizing an increasing number of their processes and are relying on online channels to connect with their customers more than ever before.
Black Friday used to be just that, a single (Fri)day. Nowadays, for an increasing number of retailers, it has become a week where they present their best deals to customers and is often seen as the beginning of the festive shopping season.
In 2019, Black Friday sales jumped 16.5% compared to the previous year. However, a recent consumer research report published by PwC revealed a decline in consumer sentiment post November 2020 lock down, so they’re expecting sales to be down 20% compared to 2019. In any case, this is a very important time in the retail calendar.
With most retailers viewing online as a key channel for their Christmas sales ramp up, we’ve put together a few, easy-to-implement recommendations that will help keep the surge of online shoppers safe from cybercriminals.
1. Enforce Two-Factor Authentication (2FA)
Most software solutions allow you to implement Two-Factor Authentication in their login procedure. They also allow you to implement and enforce it at an administrator level so that all users are protected. This ensures that, in the event that a user’s password is compromised, third parties won’t be able to access a company’s systems and data.
2. Keep your systems up to date
Although a fairly well known topic, with the pervasive threat of new cyberattacks, it’s vital to keep systems updated. Most systems can either be updated remotely, or set so that updates are automatically installed as soon as they become available.
3. Beware of attachments
Communications with customers and suppliers are at risk of impersonation by third parties, who can include many different types of malware within emails. Make sure you consider if the email is expected and if you know who the sender is. Attachments with unknown extensions should be treated carefully and if in doubt, you should always report it to your IT/Security teams. Anti-phishing solutions like OnINBOX can help empower end users by evaluating inbound emails, giving warnings and additional information about whether they should trust the email or report it.
4. Follow Procedures and implement anti-phishing training
An increased number of emails appearing in customers’ inboxes during the holiday season can make it difficult to spot phishing attempts from cybercriminals who look to take advantage of this surge in transactions. Skipping a critical verification can be the open door that a cybercriminal may be waiting for. Make sure employees know and implement all company procedures.
Training can further help with the practical implementation of your procedures, and raise awareness about the risks that attachments can pose. Having a thorough understanding of both company procedures and how to interact with suspicious emails will help lower the risk of cyberattacks.
5. Monitor your DMARC Reports
DMARC is an email authentication protocol that blocks email impersonation, allowing you to see the volume of illegitimate traffic sent from your domain. It’s recommended that you keep an eye on your DMARC reports on a regular basis. If a cybercriminal is trying to use your domain to send illegitimate emails, DMARC will alert you to this. Additionally, you can see if any of your email sending services go out of configuration, which will negatively impact your email deliverability.
6. Be careful when processing supplier’s emails
Email authentication protocols like DMARC are well known to a number of companies and are recommended by several organizations such as NCSC. A number of companies have already implemented DMARC to protect their domain and stop email impersonation. However, there are still a vast number of companies that haven’t yet deployed DMARC so every email from your supplier needs to be checked carefully.
The fact that the email has a “from address” from your supplier doesn’t guarantee that it comes from them.
Anti-phishing solutions can help to spot a number of these emails but be aware that their rules-based approach is subject to change and won’t necessarily capture all possible scenarios. Employees should look out for changes to bank accounts and delivery addresses and if ever in doubt, check with your IT/Security teams about how to follow the company procedures.
7. Investigate every report from your employees
In many cases, an email with simply no text or apparently inconspicuous text could be the preamble for a bigger cyberattack. Cyber criminals may be phishing for information in what appears to be an innocent email e.g. trying to get an auto reply from an employee to find out when they’re on holiday. It’s always better to raise the alarm and be wrong, than not to do anything and put yourselves or the company at risk.
Technology provides opportunities for businesses to not only improve and automate their operations but also communicate more effectively with their customers. As digital transformation continues to progress, it’s important we keep security top of mind and not an afterthought. If you build a digital “entrance” to your shop, make sure you apply a digital “lock” to keep your company and your customers safe.
If you’re looking to improve your email security or would like to discuss ways in which we can help improve the cybersecurity of your business, please get in touch below.
