The Black Friday and Cyber Monday shopping days are set to excite Australian consumers this week, seeing shoppers swoop on mass discounts and sales in the lead-up to Christmas. According to the latest figures from Australia Post, Australians spent $21.3 billion buying goods online in 2017, which is an increase of 18.7 per cent from the previous year. (1)
Hackers regularly target online shoppers with pop-up ads, email phishing scams, spam, and more, infiltrating their personal devices, and even bank accounts. Organisations need to prepare for the security consequences when employees use company networks for online shopping and aren’t aware of the risks, or don’t take adequate precautions, according to ESET.
Nick FitzGerald, senior research fellow, ESET, said, “Organisations need to take practical steps to ensure that employees connected to their networks are responsible and safe online, particularly when making online purchases.
“If organisations lose data due to hacks or breaches, they can be liable to costly fines and reputational damage. Ultimately, organisations need to prioritise their network security, and ensure it has the ability to detect and prevent any suspicious activity their employees might unknowingly bring into it.”
ESET has shared four strong preventative and reactive steps organisations can take to address security risks arising from online shopping:
1. Educate employees: Many employees browse online shopping sites during downtime at their workplaces. Beyond wasting time, this can compromise enterprise networks and help hackers access workplace PCs and sensitive company data. With Cyber Monday sales just around the corner, it’s a perfect time for managers to remind their teams about the risks of online shopping. They should encourage employees to do their online shopping in their own time, with their own devices, and, if they simply must catch the latest bargain, have them disconnect from the workplace Wi-Fi before they access online shopping sites, or make any transactions.
2. Prioritise passwords: Strong passwords can help protect employee devices, workplace emails, and company databases from hackers. For example, two-factor authentication (2FA) supplements standard username and password models, offering verified users one-time codes or other supplementary methods on top of their regular passwords, to access protected information. 2FA makes it harder for hackers who’ve penetrated networks to access sensitive business files and data.
3. Have strong security systems in place: Features like segmented networks can trap infections and unwelcome activity within zones, so they’re easier to detect and fend off. This also means hackers can’t access entire networks once they breach employees’ devices, instead finding themselves blocked behind additional barriers. Quality security suites should be able to match the latest developments in malware and viruses, and are far more likely to notify IT teams of suspicious network activity, and effectively combat threats.
4. Run regular security health checks: Organisations can’t assume their systems are safe merely due to a lack of surface activity. Security risks in workplace networks can exist and operate covertly, and source confidential data without being noticed. It’s important to run regular security checks to monitor network health, and ensure employees’ computers and smart devices are clean.
FitzGerald said, “Organisations shouldn’t underestimate the risks employees can bring when they shop online using work smartphones and devices, or while connected to workplace networks. It’s critical employees are aware of the threats online shopping can bring not only to themselves, but to their companies. Managers need to ensure employees and IT staff are aware of the ways cybercriminals can infiltrate their systems, and prepare themselves to prevent and react to danger, particularly as online shopping rates peak between now and Christmas.”