Columnist

Banking on a big Black Friday this year? Get your cyber security in order first

With all but essential shops closing through November, Black Friday 2020 will be like no other. With more businesses looking to move their business online during this period, we can expect a surge in online transactions this month. Inevitably, this will also mean an increase in attacks from hackers and cyber criminals.

As cybersecurity expert, Andrew Linn from Security Risk Management (SRM), explains, putting the right measures in place now is crucial to ensuring that Black Friday is a success and not fraught with danger.

Black Friday and Cyber Monday will undoubtedly be very different this year. There will be no crowds of shoppers descending on Britain’s high streets to take advantage of huge discounts. Instead, thousands of savvy retailers will be working hard to take their offers online and give customers the opportunity to make their purchases digitally, rather than at till-point. With a total anticipated spend of around £6 billion, this sale period will be crucial for many retailers who have faced significant financial and logistical challenges throughout 2020 due to the Coronavirus pandemic.

But it’s important for e-commerce businesses and consumers to be aware that they aren’t the only ones making preparations for a big November. Cybercriminals will also be aiming to profit from this period and looking to seize potentially lucrative opportunities at a time when they know that payment card data and personal details will be flowing through digital databases at a faster rate than ever.

In previous years, phishing attacks alone have seen an increase of 336% around Black Friday, putting consumers at greater risk of text, email and social media scams. Add malware, ransomware, viruses and distributed denial of service (DDoS) attacks into the mix and all of a sudden trading online can feel like a dangerous place to be.

Yet with the right preparation and attention to detail, you can have a profitable and productive Black Friday period.

What can be done to minimise and mitigate the risk of a cyber attack?

If your business is trading online this November, it is important to take proactive steps now, rather than simply ignoring the risk and hoping for the best. By putting the right measures in place, you can not only reduce the likelihood of a breach but also enhance your reputation and help customers to safeguard themselves.

Communication is key and letting your customers know you are vigilant in cyber security will actually build customer confidence in the process. Alert them to your security and privacy procedures and tell them what you are doing to safeguard them. If you discover that scammers are using your brand to target customers, issue a prompt warning and urge them to check that any links used to your website are legitimate. If you find and isolate those scams before your customers do, then all the better. For that you will need professional help.

With time running short ahead of Black Friday and Cyber Monday a good step to take is to scan your digital assets for vulnerabilities now and test your defences so you know where you need to improve. This is known in cyber security as Penetration Testing. Using real world experience of all types of attack, highly qualified professionals like those here at SRM can put your website through its paces to ensure that it’s fit for purpose. By mimicking the type of attacks carried out by potential hackers, a penetration tester can explore and recommend necessary improvements before an attacker finds them.

Tackling payment card fraud One of the key considerations for any business trading online over the coming weeks is the careful handling of payment card data. As any merchant currently trading should know, the Payment Card Industry Data Security Standard (PCI DSS) applies to all organisations that accept, transmit, process or store cardholder data. While PCI DSS compliance should already be ingrained in your business, now is a crucial time to revisit the processes and procedures you have in place to align with the standard – protecting your customers and your business in the process.

In addition to penetration testing, there are a number of other steps you can take this month. Here are just a few examples:

If your site is using iframes or full redirect for payment checks, now is a prime time to check that the payment process is working as it should and has not experienced any interference.

Checking websites for new code or changes to code – identifying suspicious or unfamiliar code now can help to ensure that hackers have not tampered with your website.

Checking third-party code that may be pulled into payment pages – this is another common technique used by hackers looking to access data.

Implement file integrity monitoring – this will ensure that alerts are provided on any website changes made in the run-up to Black Friday.

Review administrative accounts and check records of account logins for suspicious activity

Implement multi-factor authentication for all web administration accounts (if not already in place)

There is no doubt that businesses around the UK will be more dependent on e-commerce than ever before this Black Friday. Given the events of the last few months we all hope that it’s a successful one for businesses that have struggled to trade through the uncertainty of 2020. But if you have any trepidation or concern about the resilience of your digital presence against the threat of a cyber attack, now would certainly be the time to consult an expert you trust and make any necessary improvements as a priority.

Want to get in touch with SRM to discuss your cyber security? Click here.

This was posted in Bdaily's Members' News section by Security Risk Management .