Six Cybersecurity Tips for the Holiday Shopping Season

Ho, ho, ho, hold on before clicking on that link advertising an amazing deal this holiday season.

Phishing, that ever-present and ever-growing organizational concern, is a preferred attack method for hackers because of its relatively simple premise: deceiving a user into clicking a link that allows access to personal information. Even with the flurry of activity surrounding Black Friday and Cyber Monday now in the books, cybercriminals still have all of December to take advantage of both consumers and organizations through phishing schemes.

The primary concern surrounding holiday phishing is to protect the regular consumer, but phishing can be just as threatening for organizations. An employee could cause a breach by clicking a malicious link from a personal email that they’ve accessed at work or by falling for a phishing scheme sent to their company email. So how can organizations make sure their people don’t give them the unwanted holiday gift of a security breach?

Here are six tips to help you and your end users get your holiday shopping done safely:

1. Organizations: refresh the topic of phishing to your employees

Remind employees how to recognize and report a phishing email. Phishing is effective because it creates a sense of urgency, which is something that might stand out as suspicious in April, but blends in right now in a season full of ads urging users to “act before this deal disappears.”

2. Be proactive; eliminate the attack before it reaches your employees

Your people don’t need to be the first defense against suspicious holiday deals. We recommend having an email security solution in place to provide targeted threat protection against spam, malware and phishing.

3. Do your shopping on a secure network

We’re all connected all the time. To keep your personal information (name, address, credit card) and devices safe, always connect to a secure network.

4. Verify shipping updates and tracking numbers manually

The most popular phishing emails during the holiday season contain malicious links disguised as shipping updates or delivery notifications. Never click on tracking numbers; copy and paste the number (or write it down) and use the carrier’s website to get your update.

5. Delete deals with attachments

Think about it: when have you ever gotten an attachment from Amazon or Target? Vendors include sales information directly in the body of an email. If you see an attachment, don’t click; it may contain malware.

6. Don’t click on popup ads

Popups may be tempting, but cybercriminals often use them to direct you to malicious websites, so it’s best to stay away. For safest surfing, go directly to the vendor’s website or, even better, their app.

How can Schneider Downs Help?

Our cybersecurity practice is comprised of experts in multiple technical domains. We offer phishing simulation assessments that will help your organization build resilience against these types of actions. Our customized assessments replicate real-world attacks and are conducted by our team of skilled professionals in a controlled and secure environment. Learn more about our cybersecurity services at www.schneiderdowns.com/cybersecurity or contact us at [email protected].