Red Sift Blog

Don’t discount your Cybersecurity this Black Friday and Cyber Monday

by Red Sift
November 22, 2022
Filed under:
  • Cybersecurity

The traditional shopping experience has changed drastically over the last few years due to the Covid-19 Pandemic. Most businesses have been digitizing an increasing number of their processes and are relying on online channels to connect with their customers more than ever before. 

Black Friday used to be just that, a single (Fri)day. Nowadays, for an increasing number of retailers, it has become a week where they present their best deals to customers, and is often seen as the beginning of the festive shopping season.

A recent consumer research report published by PwC revealed that during Black Friday and Cyber Monday, 37% of consumers were interested and may buy (up 2% from 2021), whilst 24% of consumers stated they will definitely buy – matching 2021 levels. Although the cost-of-living crisis will have an impact, demand is still higher than 2020 levels where only 16% of consumers planned to purchase in the Black Friday period.

With most retailers viewing online as a key channel for their Christmas sales ramp-up, we’ve put together a few easy-to-implement recommendations that will help keep the surge of online shoppers safe from cybercriminals.

1. Enforce Two-Factor Authentication (2FA)

Most software solutions allow you to implement Two-Factor Authentication in their login procedure. They also allow you to implement and enforce it at an administrator level so that all users are protected. This ensures that, in the event that a user’s password is compromised, third parties won’t be able to access a company’s systems and data.

2. Keep your systems up to date

Although this is fairly well-known advice, the pervasive threat of new cyberattacks makes it vital to keep systems updated. Most systems can either be updated remotely or set so that updates are automatically installed as soon as they become available.

3. Beware of attachments 

Communications with customers and suppliers are at risk of impersonation by third parties, who can include many different types of malware within emails. Make sure you consider if the email is expected and if you know who the sender is. Attachments with unknown extensions should be treated carefully and if in doubt, you should always report it to your IT/Security teams. Anti-phishing solutions like OnINBOX can help empower end users by evaluating inbound emails and giving warnings and additional information about whether they should trust the email or report it.

4. Follow procedures and implement anti-phishing training

An increased number of emails appearing in customers’ inboxes during the holiday season can make it difficult to spot phishing attempts from cybercriminals who look to take advantage of this surge in transactions. Skipping a critical verification can be the open door that a cybercriminal may be waiting for. Make sure employees know and implement all company procedures.

Training can further help with the practical implementation of your procedures and raise awareness about the risks that attachments can pose. Having a thorough understanding of both company procedures and how to interact with suspicious emails will help lower the risk of cyberattacks. 

5. Monitor your DMARC Reports

DMARC is an email authentication protocol that blocks email impersonation and lets you see the volume of illegitimate traffic sent using your domain. It’s recommended that you keep an eye on your DMARC reports on a regular basis. If a cybercriminal is trying to use your domain to send illegitimate emails, DMARC will alert you to this. Additionally, you can see if any of your email-sending services have become misconfigured, which will negatively impact your email deliverability.
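
As an added illustration (not Red Sift's code), the sketch below triages one DMARC aggregate report in the RFC 7489 XML format into passing traffic, failures from your own sending services, and failures from unknown sources. The report is constructed sample data, assumed already decompressed, and the `KNOWN_SENDERS` inventory and `triage` helper are hypothetical names.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Assumption: IPs of your own email-sending services (hypothetical inventory).
KNOWN_SENDERS = {"192.0.2.10", "198.51.100.20"}

def _rec(ip, count, dkim, spf):
    """Build one <record> of the constructed sample report."""
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row>"
            "<identifiers><header_from>shop.example</header_from></identifiers></record>")

# Constructed sample report (trimmed RFC 7489 schema, documentation IP ranges).
SAMPLE_REPORT = ("<feedback><policy_published><domain>shop.example</domain><p>none</p>"
                 "</policy_published>"
                 + _rec("192.0.2.10", 1200, "pass", "pass")   # healthy sending service
                 + _rec("192.0.2.10", 40, "pass", "fail")     # SPF fails, DKIM still aligned
                 + _rec("198.51.100.20", 80, "fail", "fail")  # own service, out of configuration
                 + _rec("203.0.113.55", 45, "fail", "fail")   # nobody we know
                 + "</feedback>")

def triage(report_xml, known=KNOWN_SENDERS):
    """Return {category: Counter(source_ip -> message count)} for one report."""
    # Reports come from third parties: in production use a hardened XML
    # parser (for example defusedxml) instead of the standard library one.
    out = {"ok": Counter(), "misconfigured": Counter(), "unknown": Counter()}
    for row in ET.fromstring(report_xml).iter("row"):
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        ev = row.find("policy_evaluated")
        # DMARC passes if either the aligned DKIM or the aligned SPF result passes.
        if "pass" in (ev.findtext("dkim"), ev.findtext("spf")):
            out["ok"][ip] += count
        elif ip in known:
            out["misconfigured"][ip] += count   # fix SPF/DKIM for this service
        else:
            out["unknown"][ip] += count         # candidate impersonation traffic
    return out

if __name__ == "__main__":
    for category, ips in triage(SAMPLE_REPORT).items():
        for ip, n in ips.most_common():
            print(f"{category:14} {ip:16} {n}")
```
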

6. Be careful when processing suppliers’ emails

Email authentication protocols like DMARC are well known to a number of companies and are recommended by several organizations such as the NCSC. A number of companies have already implemented DMARC to protect their domain and stop email impersonation. However, there are still a vast number of companies that haven’t yet deployed DMARC, so every email from your supplier needs to be checked carefully.

The fact that the email has a “from address” from your supplier doesn’t guarantee that it comes from them.

Anti-phishing solutions can help to spot a number of these emails but be aware that their rules-based approach is subject to change and won’t necessarily capture all possible scenarios. Employees should look out for changes to bank accounts and delivery addresses and if ever in doubt, check with your IT/Security teams about how to follow the company procedures. 

7. Investigate every report from your employees 

In many cases, an email with simply no text or apparently inconspicuous text could be the preamble for a bigger cyberattack. Cybercriminals may be phishing for information in what appears to be an innocent email e.g. trying to get an auto-reply from an employee to find out when they’re on holiday. It’s always better to raise the alarm and be wrong, than not to do anything and put yourselves or the company at risk. 

Technology provides opportunities for businesses to not only improve and automate their operations but also communicate more effectively with their customers. As digital transformation continues to progress, it’s important we keep security top of mind and not an afterthought. If you build a digital “entrance” to your shop, make sure you apply a digital “lock” to keep your company and your customers safe.

Red Sift’s Digital Resilience Platform solves for the greatest vulnerabilities across your complete attack surface, and email is a key part of this. If you’re looking to improve your email security or would like to discuss ways in which we can help improve the cybersecurity of your business, get in touch with our team.
