December 2, 2015 By Rick M Robinson 2 min read

Online Shopping Rules the Holidays

‘Tis the season for online holiday shopping. Unfortunately, cybercriminals know that this is also the best season for retail-related crimes. Holiday shopping can be frenetic, and online shopping is no exception. Consumers are making more purchases, are busier and are more distracted, which can lead to making security mistakes that will come back to haunt them.

Enterprises could also end up finding coal in their holiday stockings. Those harried consumers doing their holiday shopping online include your employees. And — let’s be honest — some of them will be doing their online shopping during work hours or with corporate devices.

Even if they aren’t shopping from their desks during work hours, your employees may be shopping using the same devices they use on the job. That makes the hazards of online shopping over the holidays a concern for everyone.

How Cyberthieves Cash In on the Holidays

Online shopping poses two major potential security risks for shoppers and the employers whose security they may accidentally compromise.

One threat is accidentally downloading malware, which may then proceed to do what malware does: look for data to steal and opportunities to spread itself to steal even more data. The other online shopping risk is being taken in by scams that can lure shoppers into providing lucrative data, from credit card numbers to account passwords.

These hazards are amplified over the holidays, NBC News noted. Not only are people doing more shopping, but they are more likely to be looking for special holiday gifts at online stores they don’t regularly visit. When online shoppers go outside their comfort zone, they could expose their systems to malware simply by clicking on an unknown and malicious site.

Shopping is not the only online risk that peaks over the holidays; charitable giving also goes up. And just as unfamiliar online stores can pose security risks, so can unfamiliar and potentially nefarious online charities soliciting donations.

‘Tis the Season to Be Proactive

The best holiday advice for online shoppers is to be sensible and a bit wary. Do not let excitement or the hectic holiday pace lead to careless errors. These are good lessons to reinforce with employees or integrate into a security awareness program.

For businesses protecting their IT environments from holiday hazards, the first line of defense is to remind employees about online holiday shopping fraud and how to avoid these schemes. The second line of defense is to recognize the heightened threat level and take proactive steps. This could be a good time for IT to evaluate its security and update its defensive measures.

The holidays could also be a good time to require everyone to reset their passwords. One easy password scam available to malicious websites is simply to ask site users to create a password. All too often people will enter a password they are already using on another account — perhaps their work password. Resetting credentials at the start of the holiday shopping season, and again afterwards, is a good way to minimize the risk from this threat.

As always in the IT security world, no defense is absolute. Threats are constant. But awareness of holiday-related online shopping hazards is the first step toward protecting your employees and business from a nasty holiday surprise.

More from Endpoint

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today