Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Nov 30, 2018

Here's how to get your security prepared for holiday season.

City overview image - Blog Image 2018.jpg

You absolutely have to love the power of marketing when accomplished on a large scale. First there was “Black Friday” where, starting in the 1950s, brick and mortar retailers capitalized on the opportunity that most American consumers were given the day after Thanksgiving off work, so they kicked off the Christmas shopping season with sales on that day.

In the early 2000s this day became known as “Black Friday” and not to be outdone by their real-world counterparts, online retailers cooped up the following Monday as theirs.

What is Cyber Monday?

Thus, the concept of online “sales” (as in special one-time huge price-discounted online deals) were born, and very few marketing phenomena can eclipse that of the invention of “Cyber Monday.”  According to Wikipedia:

“Cyber Monday is a marketing term for the Monday after the Thanksgiving holiday in the United States. The term "Cyber Monday" was created by marketing companies to persuade people to shop online. The term was coined by Ellen Davis and Scott Silverman, and made its debut on November 28, 2005 in a press release entitled "'Cyber Monday' Quickly Becoming One of the Biggest Online Shopping Days of the Year".”

And if you don’t believe the hype, just look at the statistics. According to a Forbes headline, 2017’s “Cyber Monday Hits New Record At $6.6 Billion, The Largest Online Shopping Day In U.S. History.”  You can only image what this year’s results will be given the increased dependence on convenience and technology for the average consumer. Unfortunately, this is also a time for cyber criminals to step up their game as well, so understanding a few best practices for your protection should certainly be of interest.

Best Practices for Protection

For companies, CSO Online offers these three suggestions to “Prepare For Your Cyber Monday Concerns” that also apply for the entire holiday season as well.

  1. “Patch Your Systems: Most exploits and malware attacks target known vulnerabilities for which patches have already been developed. Make sure your operating system, applications, and any network hardware are current with the latest patches and updates and you will thwart most attacks.

  2. Update Your Anti-malware: Make sure your anti-virus or anti-malware security software is up to date with the most current signatures. Attackers often come armed with new attacks and zero day exploits, but many will also use viruses, Trojans, and bots that your antimalware software should be able to detect and block.

  3. Educate Your Users: This is the most important step. The user is always the weakest link in the security chain, and an uninformed user can easily subvert even the best security tools and techniques. Make sure your users are aware of the increased risk, and that they're especially observant for deals that seem too good to be true. Make sure your users know that Cyber Monday is not an excuse to circumvent security policy, or forget basic security principles.”

I would also offer you as a consumer the following advice:

  • Avoid insecure payments: Security Boulevard offers this advice to avoid insecure payments: “Use only trusted websites that you regularly do business on; Check the URL bar for a green EV certificate (best) or the secured site you started on; For online shopping, use a small-balance credit card (debit cards have worse fraud terms and conditions) not associated with your main bank account or even your main bank; Do not store your credit card information on websites; this opens you up to account hacks that misuse your funds; Stop if an unexpected payment pop-up window appears, particularly without an address bar.”

  • Avoid insecure websites: If you haven’t figured out the difference between HTTP and HTTPS by now then you should know that anything sent over a website designated HTTP will communicate via clear text while HTTPS will encrypt transmissions. So it stands without saying that you should avoid retail commerce over websites without HTTPS.

  • Limit what you do over public WiFi and use best practices: Everybody seems to be listening in on public WiFi these days. There have been too many articles on the subject to pick a favorite. Just assume that everything you do over public WiFi is complete visible to everyone and then act accordingly and you should be covered.

  • Before “clicking” stop, think and check if it is expected, valid and trusted: This may sound like a blatant statement of the obvious, but always think before you click. Technology has made it too easy to click so the burden of responsibility falls on your own human judgement.  Just taking the time to review everything in detail before you commit can potentially save you from a costly mistake.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Nov 30, 2018

You may also like:

Improve Threat Detection and Response with SIEM Integration

Add email security data into SIEM soluti…

Add email security data into SIEM solutions for improved thr… Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted Nov 28, 2018

Bridging the Cyber Divide – You’re the Weak Supply Chain Link

Cyberattackers are going after you to ge…

Cyberattackers are going after you to get to your biggest cu… Read More >

Ed Jennings

by Ed Jennings

Chief Operating Officer

Posted Nov 27, 2018

Threat Intelligence for You: 5 Ways to Prove Value

You can do threat intelligence—eve…

You can do threat intelligence—even with a small budge… Read More >

Gary Hayslip

by Gary Hayslip

Vice President, CISO of Webroot

Posted Nov 26, 2018