Holiday shopping season is almost upon us. Not only does Thanksgiving weekend signal the start of the Christmas shopping rush, the two busiest online shopping days of the year fall either side of Thanksgiving weekend – Black Friday and Cyber Monday. With bargains galore to be found online, basic web security practices often go out the window.
Unfortunately, this is a bad time to forget or ignore basic web security practices. Black Friday and Cyber Monday are busy days for cybercriminals. Christmas may be a time for giving, but Cyber Monday and Black Friday are days when cybercriminals are receiving. It is when their phishing campaigns really pay dividends.
Thanksgiving Weekend: The busiest 4 days of the year for online retailers
80% of annual online sales take place in just one month: From Thanksgiving Day to Christmas Day. In fact, Thanksgiving weekend – from Black Friday to Cyber Monday – is the busiest online shopping period of the year. It is when the majority of online sales are made and also the time when the most online purchasers are defrauded.
80% of all online sales will take place over the coming month, and 80% of those purchases will be made during office hours. Unsurprisingly, the run up to Christmas is a very busy time for system administrators and other IT security professionals. It is not a time to wind down and relax.
Cyber Monday is more than just a marketing invention. The Monday after Thanksgiving saw shoppers head online in the millions. It was already one of the busiest online shopping days of the year. Retailers then took advantage and started offering discounts on purchases to attract web visitors to their own online stores. Now, many retailers compete by offering huge discounts in an attempt to get visitors to purchase their products. It is now a day when there are amazing bargains to be had.
Basic web security practices are ignored on Cyber Monday
Offers are frequently only made available for a very short period of time. The aim being to get visitors to buy now! Some retailers may only offer a particular discount for an hour on Cyber Monday. They know that any visitor who doesn’t buy while on their site will be unlikely to return. They will just take advantage of another retailer’s offer. Because of the huge opportunity to save money, there is a buying frenzy on Cyber Monday and basic web security practices are temporarily forgotten.
Employees spend hours on websites on Cyber Monday instead of working, and many fall for online scams, visit phishing websites, download malware, and generally take more risks than they normally would. It is a bad day to be an IT professional.
How can online shopping be controlled and risk managed?
Robert Half Technology recently conducted a survey that indicated over a fifth of CIOs permit employees to spend some time shopping online while at work, but their Internet activities are monitored. A little personal online time is OK, but any employee found to be abusing the good nature of their employer faces disciplinary action.
In order to give employees this perk and also effectively manage security risk, these companies employ a web filtering solution. They are able to manage risk by restricting the websites that their employees are allowed to visit. Typically, they would be prevented from accessing websites that do not have a valid security certificate.
These employers are also able to prevent certain individuals from doing any shopping online. If online shopping exceeds acceptable limits, the privilege can easily be taken away. A web filtering solution can also be employed to prevent users from visiting malicious websites and from being displayed adverts containing malicious code.
This is essential. There is a considerable risk from cyberattacks and malware infections from personal use of online shopping sites and social media networks. Each year, 431 million individuals become victims of online scams, phishing attacks, and other cybercrimes. The cost of cybercrime is considerable. Over $114 billion is lost to online criminals every year. The decision not to address phishing, spam, malware, and cyberattack risks is one that is likely to be regretted.
