You better watch out. Holiday Cyber Grinches are about.

The holiday shopping season and cyber scams begin earlier every year. Learn how to guard your business against them.

Cyber crime is on a historic rise this year, and that means you and your employees are also more vulnerable than ever to emerging cyber threats. This Cyber Monday, making sure your workforce, remote and otherwise, understand online shopping safety basics should be a top cybersecurity priority for your organization. According to February 2022 Gallup survey, 42% of US employees have a hybrid work schedule, and 39% work entirely from home, increasing the odds that your employees are doing more online shopping on-the-clock than ever before. Unfortunately, risky employee shopping behaviors threaten more than their privately owned devices and personal information. All it takes is one compromised login on one employee’s work device to cause a devastating data breach and cripple your organization.

All of this can mean big trouble for your organization. For example, if a user clicks on a malicious link, attachment, or website, it could launch a cyberattack that infiltrates the company network. In addition, remote workers who connect to the network using personal devices could inadvertently spread malware or leak sensitive information – potentially racking up a hefty sum in damages.

Cybercriminals love holidays like Black Friday and Cyber Monday, and spend much of the year coming up with creative ways to capitalize on careless consumer shopping habits during the holiday season. This includes many bespoke holiday-themed spoofs involving phishing emails, social media scams, and more. They like to particularly prey upon the shopping habits of users, focusing on tactics like faking shipping confirmations, sharing fake deals, or promising gift cards in exchange for signing up for a newsletter.

As your employees make their holiday purchases, they will be overwhelmed with receipts, order confirmations, and shipment tracking information making it more likely they may overlook malicious links and attachments.

Scammers also are quick to take advantage of holiday giving, making bogus appeals for donations by spoofing the logos and websites of legitimate charities.

Once compromised on their home network or devices, remote workers who connect to your network using personal devices could inadvertently spread malware or leak sensitive information. One careless click on a malicious attachment or shopping link could initiate a cyberattack that infiltrates your organization’s network.

While some organizations ban online shopping, that tactic has not proven effective. Instead, the best approach is to ensure that users have the training and skills to spot cyber threats and report them. Phishing simulations and continuous cybersecurity awareness training, delivered in short, easy-to-remember sessions, can condition users to recognize phishing campaigns and other hazards and understand what they need to do to protect themselves and the company.

What you can do

With the holiday season upon us, we put together a list of 5 online shopping safety tips for you and your employees to reduce the risk of shopping online. That way you can get the goodies, without also being got by a savvy hacker.

1. Don’t Reuse Passwords – Use a unique password for every shopping website to reduce the risk of hackers gaining access across multiple sites to steal your information. Use a strong password and download a password manager to ensure keeping passwords up to date is quick and easy.
2. Don’t Share Personal Information – If you receive a phone call or email requesting confidential information such as a credit card number or pin, even if the email or phone number sounds familiar, cross-check it twice before sharing the details. Better yet, don’t share sensitive information via email. Hackers are skilled at using social engineering to trick people into believing they are legitimate and trustworthy.
3. Keep Your Software Updated – Whatever software applications you use, keep them updated. Updates consist of fixes to known loopholes or bugs. Hackers often penetrate a system utilizing the loopholes in it. You can protect your system from all such potential risk carriers by keeping it updated.
4. Do your holiday shopping with reputable retailers – Stick with big-name retailers you know and trust such as well-known department stores and retailers. Avoid shady third-party sellers and once you have decided where to shop, go to the retailers site rather than click on an ad, email, or text message. Don’t shop on public Wi-Fi.
5. Don’t holiday shop in public – Resist the temptation to shop at the airport while traveling or at a local coffee shop. Shopping online from your laptop, tablet, or phone while connected to an unencrypted and unsecured public Wi-Fi leaves you vulnerable to attacks by scammers ready to grab your name, address, credit card number, and other personal information.

How Phishfirewall Can Help Protect Your Organization from Cyber Scams

Phishfirewall offers a cybersecurity awareness training program featuring entertaining, bite-sized lessons and an AI-driven, automated, and adaptable phishing simulation platform designed to engage users and help them retain and apply what they’ve learned. Topics include general security awareness, password protection, phishing, and more. We can also customize programs to meet specific business and IT requirements.

Our library of security training content is continually updated to address the latest security threats, and our platform’s analytics and reporting tools allow administrators to assess users’ baseline knowledge, help determine progress and identify any training gaps.

Given the heightened risk of cyber holiday threats, there is never a better time to launch a new, innovative security awareness program. Contact us today and let us demonstrate how we can help your enterprise build safe online behaviors among your users this holiday season.

‍