As Christmas and holiday gift-giving is upon us, this means there are plenty of remote workers busily seeking the perfect gift for their loved ones and/or self-gifts. In the spirit of the holidays, we want to give back too by helping you to protect your business from two top threats when it comes to online shopping: phishing emails and malvertising.
Share the holiday shopping online cybersecurity checklist for each type of risk with your entire office; everyone who works remotely and in-office, and friends and family too. Everyone is at risk of falling for a phishing email or not spotting malvertising on the websites they trust.
Even though we know it is not a holiday season for all, shopping online happens all the time. In fact, with remote workers, every business risks a lot more for shopping that takes place in the regular season too.
On that note, remember our blogs to help you plan cybersecurity in the new year if you’d like to get started:
- 3 keys to a successful cybersecurity plan for the new year
- A new year cybersecurity plan that includes the remote workforce.
Now, for the last-minute holiday shopping cybersecurity checklist focused on the two top threats you want to safeguard your business and team from!
One of the busiest places for shopping deals are email inboxes. People get tons of offers and notifications from retailers in email format. Unfortunately, that’s exactly what hackers take advantage of. They find the retailers who haven’t protected their email domain properly and there’s the entry.
Security researchers have found that 75% of the top retailers aren’t using Domain-based Message Authentication, Reporting & Conformance (DMARC) records. This means these retailers are at risk of having their brand’s domain impersonated by scammers in phishing emails, which means everyone who is shopping has the risk of getting an email that is not from the actual company.
Checklist item 1: How to identify a potential phishing email
- Click on the display name to see the actual email address.
- Check for spelling errors and grammar mistakes.
- Double-check that you find the deal on the retailer’s website and/or their official social media account.
- If there is a sense of urgency question it and don’t click on the hyperlink.
- It’s always best to never click on the hyperlink or download an attachment, until you’ve done step 3 and checked to see if the offer is legitimate.
- When you visit the website to double-check the offer, DO NOT click the website link from within the email. Type it in yourself in the browser.
For anyone who hasn’t heard about malvertising from your team, you can break it down to them like this: it is an ad with hidden malware. They are hard to spot because they are often distributed by trusted ad networks and on websites or apps that people trust and use all the time. Companies such as Spotify and Forbes have both suffered as a result of distributing malvertising campaigns that infected their users and visitors with malware.
Guidance on malvertising will be helpful to your remote workers and overall business teams, for the holiday shopping spree, but also for online shopping in general.
Checklist item 2: How to identify potential malvertising
- Update all systems, machines, and devices with the latest patches. Remind everyone that household items count too, they have software that needs to be updated and patched.
- Have an antivirus software that works on systems, devices, networks and browsers.
- Set up their firewall to monitor redirects, iframes and other potentially malicious code that could introduce malware.
- Train your team to use the alert system so that they can call the executive security lead with a potential threat.
- Only visit trusted sites.
- Have online ad-blockers to prevent malicious pop-up ads from initiating a malware download.
With these cybersecurity steps, we hope you can feel safer shopping and that you enjoy fully your last-minute holiday shopping.
Happy Holidays, and Merry Christmas to those who celebrate this specific holiday.
Let us know how we can help you to protect your business this year and the next. Schedule your free consultation!
Photo courtesy of iQoncept