Shopping season is officially here. South Africans will soon head to malls, markets, shops and online stores to get the latest discounts on their must-have items when Black Friday arrives on 29 November.
This, says Brian Pinnock, cybersecurity expert at Mimecast, creates an unmissable opportunity for cybercriminals to trick your employees and compromise your systems.
“Since Black Friday runs for a full 24-hour period and stock is limited, most people will either have to get up really early or spend time at the office shopping for the items they want,” explains Pinnock. “This creates immense security risks to organisations, who are already defending against sophisticated cybercrime organisations looking to exploit their systems for financial gain.”
“Criminals capitalise on the fact that not all digital banking clients are digitally literate and exploit this vulnerability for their own financial gain,” says SABRIC acting CEO, Susan Potgieter. “SABRIC would therefore like to warn employees against saving their bank card details on e-commerce websites, as well as encourage them to make use of 3D Secure, a technical standard created by Visa and MasterCard to further secure Card-Not-Present transactions over the Internet.”
Pinnock adds: “Organisations could be put at risk if their employees inadvertently click on malicious links or open attachments containing malware.
“There is also likely to be a spike in targeted and untargeted phishing attacks as crooks try to imitate popular retailers to dupe unsuspecting consumers into sharing their credit card details.
“Malware could also quickly spread throughout the organisation – in fact, in our latest State of Email Security Report, 34% of South African organisations said they’d been hit by an attack where an email with infected attachments spread from one employee to others.”
Pinnock says it is essential that organisations take appropriate measures to ensure systems and employees are protected.
“It’s unlikely that organisations will be able to dissuade motivated employees from making online purchases on Black Friday, so it’s important to manage the level of risk this creates for the business.
“Practical and detailed awareness training – which should be a regular occurrence for cybersecurity-conscious companies already – should be conducted to give employees the knowledge to spot potential cyber threats.”
For Black Friday, Pinnock recommends that organisations provide awareness training to help employees:
* Know not to open unknown attachments or click on any links in marketing emails and to rather go straight to the website to see the offers there;
* Identify subtle clues – such as spelling errors – that may indicate the email they seemingly received from a retailer is actually from an imposter;
* Only shop at reputable retailers and avoid unknown ones, even if the offers are amazing;
* Never forward emails that may contain malicious attachments or links.
“Companies should also ensure they have a cyber resilience strategy in place that puts effective security controls in place to detect and prevent cyber threats, includes powerful business continuity tools to maintain business productivity in the event of an attack, and offers automated backup and recovery capabilities to quickly restore data and systems after an attack,” explains Pinnock.
“Regular communication with employees over password etiquette and safe online habits, urging discretion on social media to not share intimate details that cybercriminals can exploit, and maintaining general cybersecurity hygiene can go a long way to minimising opportunities for crooks to exploit employees during high-activity periods such as Black Friday.”