Online Shopping Rules the Holidays

‘Tis the season for online holiday shopping. Unfortunately, cybercriminals know that this is also the best season for retail-related crimes. Holiday shopping can be frenetic, and online shopping is no exception. Consumers are making more purchases, are busier and are more distracted, which can lead to making security mistakes that will come back to haunt them.

Enterprises could also end up finding coal in their holiday stockings. Those harried consumers doing their holiday shopping online include your employees. And — let’s be honest — some of them will be doing their online shopping during work hours or with corporate devices.

Even if they aren’t shopping from their desks during work hours, your employees may be shopping using the same devices they use on the job. That makes the hazards of online shopping over the holidays a concern for everyone.

How Cyberthieves Cash In on the Holidays

Online shopping poses two major potential security risks for shoppers and the employers whose security they may accidentally compromise.

One threat is accidentally downloading malware, which may then proceed to do what malware does: look for data to steal and opportunities to spread itself to steal even more data. The other online shopping risk is being taken in by scams that can lure shoppers into providing lucrative data, from credit card numbers to account passwords.

These hazards are amplified over the holidays, NBC News noted. Not only are people doing more shopping, but they are more likely to be looking for special holiday gifts at online stores they don’t regularly visit. When online shoppers go outside their comfort zone, they could expose their systems to malware simply by clicking on an unknown and malicious site.

Shopping is not the only online risk that peaks over the holidays; charitable giving also goes up. And just as unfamiliar online stores can pose security risks, so can unfamiliar and potentially nefarious online charities soliciting donations.

‘Tis the Season to Be Proactive

The best holiday advice for online shoppers is to be sensible and a bit wary. Do not let excitement or the hectic holiday pace lead to careless errors. These are good lessons to reinforce with employees or integrate into a security awareness program.

For businesses protecting their IT environments from holiday hazards, the first line of defense is to remind employees about online holiday shopping fraud and how to avoid these schemes. The second line of defense is to recognize the heightened threat level and take proactive steps. This could be a good time for IT to evaluate its security and update its defensive measures.

The holidays could also be a good time to require everyone to reset their passwords. One easy password scam available to malicious websites is simply to ask site users to create a password. All too often people will enter a password they are already using on another account — perhaps their work password. Resetting credentials at the start of the holiday shopping season, and again afterwards, is a good way to minimize the risk from this threat.

As always in the IT security world, no defense is absolute. Threats are constant. But awareness of holiday-related online shopping hazards is the first step toward protecting your employees and business from a nasty holiday surprise.