Shoppers unite! Black Friday and Cyber Monday are upon us!

Cyber and digital risks for any company that offers online sales needs to be on high alert this weekend. As consumers and businesses trade more information with one another online, how do you as a company make sure your data, and that of your customers, stays safe? 

What – and who – is out there?

Thinking about your data being susceptible is at best, distracting, and at worst, scary, especially with the rise of Magecart.  This rapidly growing cybercrime syndicate, composed of dozens of subgroups that specialize in cyberattacks involving digital credit card theft, named themselves after the code they inject, which allows them to skim online payment forms (similar to ATM skimming in the real world). This process is also similar to the use of financial malware, which as the name suggests, is malware designed to give the hacker access to your money.

Firewalls and your business

Unfortunately, these tactics aren’t the only ones being used. DDoS or distributed denial-of-service attacks are particularly important to look out for during the holidays, as these attacks can be especially impactful during the holiday season. DDoS attacks often include incoming messages, requests for connections, or fake packets which overrun your network or server to make your site inoperable for those hoping to do business with you and vulnerable to further attack from hackers. To avoid this, ensure that your firewall is properly configured (your IT manager or internet service provider should be able to check). 

Pro-tip: Firewalls come in two main types – standard and web application firewalls, or WAFs. Where a standard firewall protects and secures your network from potentially threatening communications coming from outside the network, security WAFs watch Hypertext Transfer Protocol (HTTP) traffic to ensure that web applications aren’t attacked by malware on the Internet, including the kind of code injection for which Magecart is named. WAF in IT security can be an excellent tool for your team to partner with standard firewalls to block attacks from multiple angles. 

When cybercriminals get in touch

During the holidays, your business wants to advertise the amazing deals that you will have for your customers, but hackers see this as an opportunity to slip in scams disguised as advertisements or promotions to catch your shoppers when they least expect it. Online scams, particularly via email, are used frequently by attackers who are attempting to get readers to provide their personal information without having to hack their victim directly.

One of the most popular forms of this kind of abuse is phishing, which are emails that appear to come from reliable sources when they are, in fact, scammers. This makes it incredibly important for individuals to be sure that the emails they are opening are coming from genuine sources. As a business owner and/or consumer, share the signs to look for in a phishing email, which include misspellings in the body of the email or email address and URLs or email addresses that look suspicious or unfamiliar. A tool like https://checkphish.ai/ can help you learn about URLs before clicking on them.

What to do if you are attacked

Do you have a plan in place? A plan should include continuity for different scenarios and a list of people you may need to reach out to in order to contain a security event or data breach, including your IT support, internet service provider, or third-party vendors. Make sure to print these out so you always have it – even if your network goes down. 

Take an inventory of the data that you process, store, or collect. If your business touches Personal Identifiable Information (PII), Personal Financial Information (PFI), or Personal Health Information (PHI), are the right protections in place to secure it from being accessible to attackers? If you have cyber insurance, make sure you know how to submit a claim and talk to your insurance company or broker to determine what kind of help they can offer you in the event of an incident. 

If a data breach happens, you are not on your own. Periculus is here to help you with any and all of your security needs. Created as a one-stop platform to serve small business owners and help them manage their unique digital risks, Periculus views risk differently.  We believe that on the other side of risk is opportunity.  And while we respect the threats and potential financial impact of them on your business, it is not in our DNA to fear them. Take your free assessment today. https://journey.periculus.com/