How to get your cybersecurity in order before Black Friday

Black Friday may be best known for the chaotic scenes in retail as millions of consumers hunt for the biggest bargains. At the same time, however, cybercriminals are working overtime to exploit individuals looking for offers that are probably too good to be true and retailers who are distracted trying to reap maximum rewards from the busiest season of the year. To that end, both Black Friday and Cyber Monday are ripe times for serious cyberattacks.

Black Friday revolves around a sense of urgency. Sales and marketing teams are hard at work showing off their best deals to customers, while customers themselves tend to be distracted while they’re out (or online) looking for bargains. This presents a perfect opportunity for social engineering scammers to exploit that urgency with lofty promises that consumers are all likelier to fall for at this time of year.

For retailers or any other business that takes advantage of the Black Friday or Cyber Monday sales, this translates into a serious reputational risk. Social engineering scammers often use the time to set up malicious websites or send phishing emails masquerading as the real thing, impersonating legitimate companies and their employees. Even though this might be beyond the control of the companies being impersonated, every business would do well to warn their customers of the heightened threats.

There’s also a greatly increased risk of companies themselves being targeted. To make their scams look more authentic, attackers might target a business’s communications systems with a view to taking over an account. For example, if a company’s WhatsApp account is infiltrated, an attacker might use it to carry out phishing attacks against the company’s customers.

Another common threat, particularly during the lead up to Cyber Monday, is e-skimming, also known as Magecart malware and its various derivatives. E-skimming involves infecting online checkout pages owned by legitimate companies and stealing personal and payment data from customers. When this happens, customers naturally place the blame on the legitimate retailer, since it is, after all, their job to ensure their online stores are secure enough to prevent this from happening.

To effectively mitigate risk, every organization should be aware that opportunities for business also tend to be opportunities for attackers. Increased sales mean more attention from phishing scammers as they try to get a slice of the pie. To reduce these risks, businesses must not let the excitement around Black Friday and Cyber Monday get the better of them. Security must remain front and center, and that requires implementing zero trust security measures, investing in continuous security awareness training, and monitoring all your communications channels. It’s also important to view your site as a customer, rather than focusing solely on the server side, since this perspective will help you identify issues that might suggest a compromised site.

Finally, businesses should not be afraid of raising awareness of the risks to their customers. By educating their customers on their security policies and procedures, they’ll be able to build trust and reduce the chances of customers unwittingly falling victim to scammers posing as the business’s own sales reps and other employees. When it comes to customer-facing communications, it’s vital that you monitor every message and that your customers can tell the difference between which communications are legitimate and which ones signal a phishing scam.