
Member Article

Countdown to Cyber Monday – How organisations can keep their data safe

It may be the most wonderful time of the year, but from a cybersecurity perspective, it is potentially the most dangerous. With Cyber Monday just around the corner, employees are keen to hunt for deals on company time, using company machines, leading to an uptick in email traffic.

Unfortunately, cyberattackers will launch attacks to try to cash in on the increase in transaction activity, exploiting vulnerabilities in the organisation’s security posture. In particular, phishing attacks will be rife.

Tyler Moffit, Senior Threat Research Analyst at Webroot, commented, “Last year phishing sites spiked up 21% on Black Friday, and even higher at 58% on Cyber Monday. I predict these numbers will continue to increase, especially since we already saw a 400% increase in phishing URLs from January-July 2019.”

Alongside the increased attacks, recent research suggests that employees are prone to clicking on links at work. In fact, 59% of UK employees admit to clicking on a link from an unknown sender while at work, and over three-quarters (77%) report that they have received a phishing email at work (this is likely to increase around periods of high online activity).

To help defend against attacks and keep company data safe, Webroot recommends the following best practice tips to reduce the risk of becoming a target:

• Know the signs. Phishing is the most popular method of cyberattack in the UK, so it’s crucial to make sure employees are confident in identifying the scheme of attack. A lack of cybersecurity awareness extends to other tactics that can be used in a phishing attack. People are often confident that they can spot phishing emails but fail to realise that attempts are only becoming more advanced and specific, tailored to your inbox, and quite often from a legitimate email address. Security awareness training that incorporates phishing simulations ensures that people, processes, and technology are all harnessed effectively together to defend against cybercriminals.

• Always educate. Training will help recruit employees as part of the organisation’s defences. However, it needs to be continual, so cybersecurity stays top-of-mind and user error is minimised. Attention also needs to be paid to the method of delivery. Microlearning, or short courses of about five to ten minutes each, is a best practice among e-learning specialists when it comes to information retention and attention span.

• Assess your risk profile. Every business has different risk factors, even in the retail industry. If you don’t have the expertise, get an independent security audit or a Managed Security Provider (MSP) to help assess your security posture. Work to develop a plan for adequate ongoing risk mitigation. Look at your GDPR exposure and follow guidelines to ensure the appropriate mitigation criteria are met.

Businesses will be hard-pushed to stop employees from shopping online or accessing personal emails. Organisations must ensure that they are educating staff on new campaigns and applying the appropriate security software to mitigate threats and protect valuable data.

This was posted in Bdaily's Members' News section by Webroot.
