‘Black Friday’ is the day when retailers slash prices and put discount deals online, and this year it falls on Friday 24th November.
As retailers increasingly conduct business online, both retailers selling and customers shopping online are ripe targets for cyber attacks.
To help retailers prepare for the day, Paul McEvatt, senior manager, cyber security strategy at Fujitsu UK & Ireland, has shared his top three tips for keeping retailers security-savvy.
The first tip is to remember that this is actually a ‘people’ issue and that retailers should train employees to be on high alert, as phishing attacks increase by as much as 336 per cent around Black Friday.
“Both customers and employees are more at risk to email, text and social media scams than ever before,” said McEvatt.
“After all, because finding vulnerabilities is an attacker’s bread and butter, for retailers, hackers will be looking to exploit employee naivety to execute attacks.
“With it easy for employees to get distracted by Black Friday activities, it is crucial that employees from the board all the way down to graduate level are educated in simple best practices such as flagging ‘unusual’ emails from colleagues and not clicking on links from unknown senders.”
It’s also vital to implement real-time security to detect hackers, says McEvatt.
“Cyber criminals are bold and do not care how much damage they cause to get what they want,” he said.
“Because organisational awareness of potential attacks is on the rise, online criminals are finding new and creative ways to dupe people into compromising sensitive financial and personal data.
“What this means is ‘unusual behaviour’ is getting harder to detect and might not seem unusual at all.
“Whilst it’s still vital that employees are more ‘cyber-aware’ through training schemes and relevant tools, retailers must not de-prioritise investment into technical and security controls and should be working with cyber partners to put in place preventative measures.
“With Black Friday an easy target for hackers, retailers need to start proactively searching for the threats themselves instead of waiting for breaches to happen – something that can be achieved with real-time threat detection tools.”
Finally, it’s crucial that retailers selling online equip their websites to deal with large amounts of traffic to avoid a DDoS (Distributed Denial of Service) attack, where services are knocked offline following a sudden massive spike in traffic.
“Retailers know that consumers will be rushing to websites to get the best deals possible,” said McEvatt.
“Whether there is an accidental DDoS attack caused by this influx of traffic or malicious DDoS attacks taking websites offline, retailers are at huge risk of losing a huge amount of revenue if an attack is successful.
“Ensuring DDoS mitigation tools or services are in place, active and optimised should be a priority for any eCommerce provider.”