What business owners and MSPs should know about the year’s biggest online retail holiday
It’s no secret that Black Friday and Cyber Monday are marked by an uptick in online shopping. Cyber Monday 2017 marked the single largest day of online sales to date, with reported sales figures upwards of $6.5 billion. Data from Webroot charted a 58 percent increase in traffic to shopping sites on that day. And while Black Friday originated as a day to tussle with your neighbors for deals in person, online retailers like Amazon and eBay wouldn’t be left out and have begun offering their own deals.
What’s less often discussed is the corresponding rise in cybercrime that accompanies these online retail holidays. Webroot noted a surge in phishing and fraud sites of 203 percent between November 19 and December 5, with the number of such sites peaking on Cyber Monday. Instances of spyware and adware also rose 57 percent during the busy holiday shopping period, again peaking on Cyber Monday.
The Problem with Cyber Monday
For business owners and those in IT, Cyber Monday likely means lost productivity as employees bargain hunt at work rather than actually work. (It’s interesting to note that, according to CNET, the first Cyber Monday in 2005 was intentionally made to fall on a weekday so workers could browse shopping sites on faster computers.) As our data shows, more than just a few hours of lost productivity are at stake.
Employees expose business owners to greater risks of phishing scams, ransomware, and other types of attack that could significantly lengthen downtimes for all employees, or even shutter a business completely. According to a Better Business Bureau study on cybercrime, more than half of businesses would cease to be profitable within a month if a ransomware attack were to lock them out of essential data.
What’s a Business Owner to Do about Cyber Monday?
Whether you’re a business owner or provide IT services, you’re likely to see employees or clients indulging in deals this Cyber Monday. But there are strategies for limiting your risk on November 26. As with much of cybersecurity, you can manage your policy for online shopping based on what you consider acceptable levels of risk.
With network-level protection it’s possible to block access to any sites categorized as “shopping,” while still whitelisting trusted domains. Our research shows Amazon, the Apple iTunes Store, and Walmart rounded out the top three most visited shopping sites last Cyber Monday, so employers may want to consider whitelisting those sites specifically, while still blocking less reputable ones. Webroot offers DNS protection with the ability to filter according to more than 80 categories, including gambling, adult content, and weapons, as well as shopping. Set a policy to block the shopping category this Cyber Monday, with your own tailored exceptions and presto, problem solved.
There are also other, less prohibitive strategies for protecting employees and clients, too. Tools like Webroot’s Web Classification and Reputation services forecast the risks of visiting more than 27 billion URLs, which can help user determine if that deal really is a little too good to be true. IP Reputation Services make a similar determination based on an IP’s risk score.
Real-Time phishing protection and hands-on phishing simulations can go a long way toward improving security, too. The surge in these types of attacks represents cybercriminals focus on the weakest element of a company’s IT security: the end users themselves. Catching phishing attacks before they’re clicked and teaching users to be vigilant about threats by using custom phishing templates are paramount to your business’s security posture.
So there are a variety of methods for limiting disruption from online shopping in the workplace, so business owners and managed service providers shouldn’t let Cyber Monday come and go without preparation. Employees will almost certainly be on an online hunt for deals and cybercriminals know it.
Focus on security now, before a user’s big savings end up costing you.