Preparing for Cyber Monday

Mark Cunningham-Dickie, Cyber Incident Response Manager at Scottish Business Resilience Centre

By Mark Cunningham-Dickie, Cyber Incident Response Manager at Scottish Business Resilience Centre

WE’VE already seen a huge increase in online shopping this year thanks to the Covid-19 pandemic, but with Black Friday, Cyber Monday, and Small Business Saturday rapidly approaching, most retailers are hoping for big sales in the next couple of weeks. One study expects people in Scotland to spend an average of £289, primarily online, on Black Friday and Cyber Monday alone – great news for retailers!

However, with the rise of online activity has come a corresponding increase in cyber crime. This is particularly of concern to businesses in the retail sector, 40% of whom haven’t taken any actions to identify risks.

There are a number of ways businesses can protect themselves, both in advance of and during these periods of peak online purchasing.

Beware of fake customers

Phishing is the most common form of cyber attack, representing 86% of attacks on businesses. Beware of fake customers getting in touch with false claims, especially those who send attachments or links.

A good guideline to follow is to always look at the file extension of attachments: be extra cautious of .zip, .hta and .pdf files, and never run .exe files unless you were expecting them. If you’re unsure, take a few minutes and call the customer. If you can’t reach them, save the file somewhere safe and run an antivirus scan over it. The extra time it takes is worth it to mitigate the risk of an attack bringing down your operation.

Increase security

At the bare minimum, your website should have a certificate to show secure communication and your systems should have up-to-date antivirus protection. Site encryption and security is easily identified by the padlock symbol which should appear next to the URL box and a website that uses HTTPS versus HTTP protocols, which many consumers know to look for before making a purchase.

Go beyond this and have your website tested – this is where ethical hackers can help. Make sure hackers can’t modify the price of products and that customer information and payment details are encrypted, as doing so will prevent hackers from being able to sell their details online. In the event you do suffer a cyber attack, having done this will also help reduce any fines from the Information Commissioner’s Office.

Lower the fallout of an attack

All the preparations in the world can’t guarantee you won’t suffer a cyber attack. Just in case, limit the impact one would have on your business by making backups regularly and keeping them offline.

Over the course of the next few weeks, many retailers will see an increase in online orders. Backups alleviate the risk of losing data or orders if you do suffer an attack – it will allow you to recover more quickly and reduce the overall impact on your business operations.

In addition to backing up your data, employee education can help lower the fallout of an attack. At most organisations, employees are the weakest link in security – but could conversely become one of the strongest and best alerting systems you have. It doesn’t matter how up to date your technical defences are; if employees aren’t adequately informed and educated about cyber security, your risk of suffering an attack and the ensuing fallout is increased.

Following an attack

If you do fall victim to a cyber attack, there are plenty of resources to help. The Cyber Incident Response Helpline is a good first stop to get free expert help confirming the attack and getting back to secure operations; the helpline can also work with Police Scotland where requested to provide evidence against cyber criminals.

If you think someone is impersonating your website or shop, contact 101 and report it as a crime. If your brand is copyrighted you should also send a DMCA Takedown notice to the hosting provider.

Ultimately, it’s important to remember that if you do suffer a cyber attack, you’re not alone: almost half of businesses in the UK can say the same. It can be a scary experience that leaves businesses feeling vulnerable – but there are myriad of cyber experts across Scotland who can help you recover and become more resilient.

The latest stories