Whether your business services consumers or clients, the up and coming holiday season presents a tremendous amount of risk to your organization. The flurry of online spending captures the interest of cyber criminals all over the world, as they seek to capitalize on careless behavior that is more evident at this time of the year. Buyers are stressed and making poor decisions in search of the best possible deal. They use public WiFi to make purchases, neglect to validate seller authenticity, nor follow even the most common sense practices of cyber security. Businesses adopt some of these same traits as they seek to secure as many sales or contracts as possible before their annual fiscal period concludes.
All of this is seen as a free-for-all for hackers and hacking groups. They fill cyberspace like a shopping mall on Black Friday, weaving through the web in search of vulnerabilities they can expose for financial gain. In fact, CSO reports that organizations typically see an over 20 percent increase in attempted cyber attacks between November and December. No B2B or B2C can rest on its laurels. What got you through the first three quarters of the year may not here at the tail end. Here’s what you need to do.
5 Ways Your Business Can Prepare Itself for the Impending Wave of Holiday Season Cyber Crime
1. Know the Holiday Hacks
While hacking is a four-season affair, there are some tactics that you can expect to see increase during the holidays, which is why in addition to updating your cyber security (more on this below) you must get into the habit of performing manual checks of your website, one of your most valuable yet vulnerable assets. This is because cyber criminals who gain access to your site are replacing your call-to-action (CTA) links with their own, sending payments and personal/financial information directly to them, with the customer/client being none the wiser. Moving forward, inspect all CTA links, making sure that they take users to the intended URLs, shopping carts, payment pages, forms, and so forth.
Malicious links are also more likely to be delivered to your staff via email phishing schemes this season. Hackers know that vendors and suppliers are reaching out to their contacts with holiday season deals to increase their own B2B-focused business. Your staff may be looking to capitalize on such deals for the good of your organization’s bottom line. However, becoming click-happy can put your company’s cyber security on the line. Then there’s the back and forth sharing of information regarding corporate holiday affairs and the like, complete with links and attachments that bait recipients to click to view offers, tickets, event photos, and more. Hold a meeting with staff and stakeholders alike, letting them know to not click on single link until this 5-step protocol is in place.
Another tactic has cyber criminals setting up phony websites that appear to be identical to your own, using a similar URL with some small variance. While most of the onus falls on the consumer to recognize this, it’s a good idea to monitor the web for websites purporting to operate under your brand and report them immediately.
Also expect an increase in ransomeware. Hackers know your desperation as the fourth fiscal quarter comes to an end. They know that crippling operations in December could result in your financial ruin and so you’re more likely to pay up as opposed to negotiating or scrambling to see if you can recover without giving in to demands. This leads us to your next action item.
2. Make You Have a Business Continuity Plan in Place
Going into the holiday season without a continuity plan is like Santa not having Rudolph ready with his red nose to guide the sleigh through harsh weather. Putting off delivery by a few hours much less a day is simply not an option.
For one, you need increase migration to the cloud so that your data and essential workload is backed up in real time and ready to be accessed immediately in the event of a ransomware attack. In addition, you must institute a disaster recovery plan, which is much more robust than data backup. It’s a set of policies and procedures which focus on IT infrastructure and all technological systems that support the critical functions of your organization. Also, you must perform an immediate and comprehensive review of your hardware and software, repairing, replacing, updating and upgrading where needed. View our complete guide to setting up your IT disaster recovery plan and put it in place before the bell tolls (or jingles).
3. Secure All Points of Sale and the Payment Lifecycle
You may have taken steps to better secure purchases made on your website and through email solicitations and campaigns, but it’s important to note the modern vulnerability created by the Internet of Things (IoT). IoT is instrumental in many point-of-sale (POS) terminals, but while a convenient way to accept payment, their use of cellular networks creates risk. Whether using credit card readers, square readers, digital wallets, or some other form or combination, you must secure all applications and institute better encryption and multi-factor authentication.
Pay close attention to the entire payment lifecycle. The system moves a transaction from consumer to point-of-sale system to the credit card provider and on to the issuing bank and/or third-party payment processor. If every point in the channel is not secured, the transaction may fall into the hands of hackers.
4. Be Prepared to Comply
With the EU’s adoption of the General Data Protection Regulation (GDPR) and Canada’s November 1 2018 update to the Personal Information Protection and Electronic Documents Act (PIPEDA) you must now have a stringent data breach reporting and record keeping protocol in place or face fines so large that your business may not afford to be around for the holidays next year. Long story short, your business is solely responsible for identifying and immediately reporting hacks and data breaches to the regulatory bodies along with potentially impacted customers and clients.
Worried about backlash at a time of the year when you should be bringing in sales? Fret not, because studies show that consumers will still trust a brand after a breach, as long as impacted companies show good faith and immediately inform them about the event. Too bad Uber didn’t have this information prior to their infamous attack and subsequent multi-million dollar fine.
5. Secure a Partner in All-Season Cyber Security
Anti-virus is about as effective as screen door on a cold winter’s night. It may keep out some the hazards, but in the end it can’t keep out the impending storm. Your organization needs to tap into the advances in artificial intelligence (AI) and machine learning in order to detect zero-day threats (those that exploit an unknown computer security vulnerability), advanced malware, targeted attacks, and ultimately stop advanced threats by securing endpoint patient zero. While there are business solutions (i.e. MS 365) and tools (i.e. CylancePROTECT) your company can adopt to leverage AI and machine learning, an attempt to learn and integrate these solutions in a timely manner on your own with the holiday season looming is a daunting prospect.
Instead, give your company the greatest gift it could ever receive for the holidays by securing the services of a Managed Services Provider (MSP) with expertise in cloud solutions and cyber security. Only then can you gain peace of mind at this otherwise special time of the year. Better yet, consider this a gift that keeps on giving as when you secure your IT systems through the holidays, you set the table for cyber security through all four seasons.
Don’t let cyber criminals put a lump of coal in your stocking so big that your stock drops in the eyes of customers/clients. Instead, contact Fully Managed Inc today for a consultation.