Cyber Monday Creates Enterprise Security Risks

Today is cyber Monday, the day when online retailers post their best deals in an attempt to get consumers to buy even more than they did in person on Black Friday. Cyber Monday started several years ago, when many people had Internet access only at work. After being off for 4 days, employees returned to their offices on the Monday after Thanksgiving and logged back on to their computers, searching for sales and deals they might have missed over the weekend. Retailers quickly jumped to the challenge, and these days you can often find phenomenal prices on gifts without standing in line and fighting hordes of people. Prices fluctuate throughout the day, as stores search for that optimum price point that will not only entice consumers to look at their products, but to buy them. The result is that employees will spend more time shopping online today than any other day of the year—some sources estimate that workers will waste up to 4 hours of their workday today.

Cybercrooks are working overtime today also, with a barrage of spam and phishing scams designed to lure consumers. Given that so many employees are shopping from work (more so today, but also all year long), what can IT departments do to protect their organizations’ security? First, enterprises need to make sure their antivirus solutions are working and current. Antivirus software that scans web traffic is more likely to catch suspicious activity than are products that simply run on the mail server or on users’ PCs. In addition, companies should consider using solutions that block not only phishing emails but also the malicious code they contain. Although organizations might want to just accept the inevitable and remind their employees to use good practices if they decide to shop online while at work, they might also consider monitoring user activity or locking down Internet access.

If employees do shop online, they should take their own precautions. They should beware of deals that seem too good to be true, especially from retailers they aren’t familiar with. They should resist the urge to click links in any email messages. If a retailer is offering a bargain, consumers should be able to find it from the retailer’s main web page. Users should use the latest version of their web browser, and make sure their antivirus/antispam software is up-to-date. In addition, they should consider using different passwords for each merchant. And if they do find some great sales, they should be sure to use their credit card rather than debit card, which is linked directly to their bank account and therefore a major hacking target.

Security administrators know that users are one of their biggest security holes. Online shopping can open your network to all kinds of attacks, so it’s important to be vigilant during this prime shopping season.