UK retailers are bracing themselves for the two busiest days of the online shopping year: Black Friday (November 28) and Cyber Monday (December 1).
Barry Scott, CTO, EMEA Centrify, said: “While Black Friday and Cyber Monday are well known for presenting opportunities to grab a bargain, it is also an opportunity for cyber-thieves to fill their pockets with your credit card information, or even worse, your identity. According to our recent research among UK consumers, identity theft, having credit card information stolen, and cybercrime are the top concerns, with one in four believing they’ve been a victim of ID theft. With this is mind, those shoppers looking to bag a deal should consider their security before making any online purchases.”
· Always shop with reputable sellers such as Amazon, and be cautious when entering URLs, a misspelled domain, or non ‘https’ site could land you on a false site designed to steal your information.
· Ensure you read the site’s privacy policy to understand how/where your personal information is being used.
· Be suspicious of links in unsolicited, phishing emails – always type the link directly into your browser, do not click on them within the email.
· If an online retailer requests a password for your email and bank account as part of the shopping process, do not enter it, and be sure to use different passwords for online retailers than those used on email and bank accounts. If a hacker attains the password for one particular site, they will then have access to many.
· Secure mobile phones if you plan to use them for shopping by enabling security features such as passwords and encryption.
“Whether online banking, or Christmas shopping, being able to manage our password security is crucial.”
Ross Brewer, vice president and managing director of international markets at the IT security product company LogRhythm, has commented: “Black Friday and Cyber Monday have become two of the biggest phenomenons in the shopping industry, and the dates that retailers – and consumers – from both sides of the pond now look forward to ahead of Christmas. However after a tough year, which has seen the likes of eBay, Target and OFFICE suffer data breaches at the hands of today’s cybercriminals, all eyes will be on retailers to ensure that consumers’ online shopping experiences are as straightforward and, most importantly, secure as they can be.
“With so many credit cards being registered and used online, it’s no surprise that cybercriminals will be preying on as many shoppers as possible. As such, it’s now more imperative than ever for retailers to have the right procedures and defences in place to fend off the hackers’ sophisticated threats. Indeed, it really is a case of when, not if, they will be targeted and retailers need to take more responsibility when it comes to protecting their customers’ confidential information – not just for their customers, but also for their own reputation. Recent breaches have already affected consumer spending patterns; with the public now much more wary of whom they trust with their details.
“What retailers must not do is take shortcuts when it comes to protecting their customers’ data. If they aren’t continuously tracking and monitoring their networks for anomalous activity, then they aren’t doing a good enough job at proactively defending against cybercrime. Indeed, failing to do this and instead taking a reactive approach could seriously impact retailers’ Christmas trading figures going forward – something none of them can afford to risk.”
And Paul Ayers, VP EMEA at data security product company Vormetric said: “The online shopping events of Black Friday and Cyber Monday potentially present cybercriminals with an opportunistic chance to get their hands on a payload of sensitive data. Given 2014 has already been marred as the year of data breaches at big name retailers, sellers worldwide will find themselves under intense pressure this week, not only to ensure their websites cope with the surge in demand, but also to ensure that the influx of payment data and personally identifiable information crossing their networks is kept well protected from cybercriminals.
“Throughout the year, we have argued that existing security stances and attitudes must adjust to a changed world – perimeters are permeable and APT attacks are the norm. As such, retailers must make sure their servers and databases – which will hold the bulk of their structured and unstructured data assets – are not an ‘easy target’ for hackers.
“With reputation and profit on the line, retailers must ensure that they have adequate fraud detection and prevention mechanisms in place to protect customer data. The best way to mitigate the impact of data loss, which is becoming an increasingly likely scenario, is to make sure that all data amassed is stored in obfuscated form so that it is useless to any would be hackers. Equally, all web traffic and database activity should be looked at with caution and anomalous behaviour or suspicious activity notification alerts should be acted upon immediately and not dismissed. Though some may say it will be harder to ensure nothing slips through the data security net during the frenzy, consumers will not be best pleased to find that the deals they secure come at the expense of their personal data.”
