Online holiday shopping can expose shoppers, retailers and employers to cyber threats
By Steve Bittenbender
Editor, Government Security News
With the official start of the Christmas shopping season just hours away, technology experts are encouraging both shoppers and retailers to take precautions to protect their information online.
For many, the season has already started, with more than half of Americans already purchasing gifts according to the National Retail Foundation. Holiday sales are expected to top $650 billion this season and a majority of shoppers plan to shop at least in part online.
A recent survey by Cybereason indicates shoppers are less security conscious this time of year, as 70 percent indicated they are more apt to buy from an unknown retailer if they find the right deal. While 62 percent of those surveyed admit to being concerned about being hacked, the firm found that 40 percent still won’t take the necessary steps to protect their equipment or their data.
Before shoppers click to finalize any purchase, consulting firm Ernst & Young recommends they review the passwords they have established at their favorite e-shopping sites. While strong passwords can hinder cybercriminal activity, EY consultants still advise that shoppers change their password if it is more than a year old and that consumers not use the same password for more than one site.
"Credential harvesting and electronic social engineering (phishing) are still the top techniques used during any electronic attack; that is why it is very important to safeguard your information and reset your passwords during the holiday season," said Chad Holmes, Principal and Cybersecurity Leader at Ernst & Young LLP. "Cyber Monday is a perfect annual reminder for people to update their cyber security hygiene, like passwords, to ensure they provide a strong defense against attacks from cybercriminals."
With many retailers promoting “Cyber Monday” for their biggest online sales, it’s not just personal computers and mobile equipment that can become vulnerable to hackers. Many shoppers will use their work equipment to find the right gift, and that can lead to cybercriminals getting one themselves.
“Employers should take note since tens of millions of additional people will be shopping for their holiday gifts during Cyber Monday and during work hours, increasing risks to the corporate networks,” said Israel Barak, Cybereason’s chief information security officer.
Holmes also recommends that shoppers steer clear of clicking on online ads or other shortcuts. They may take you to the site, but they also can expose you to hackers who can then access your data. It’s best to go to the site directly, and if the retailer’s site isn’t encrypted – look for the padlock on your browser bar – then your personal data could be easily exposed.
At this time of year, shoppers should be checking their bank and credit card statements daily and reporting any suspicious purchase immediately. Holmes said hackers will often start small, such as spending $5 at a coffee shop, to see if hacked consumers are paying attention.
The Identity Theft Resource Center encourages shoppers to use a third-party payment solution, like PayPal, if they have any concerns about a site’s security. Using a prepaid debit card also can add a layer of security, as it keeps hackers away from your primary credit cards and checking accounts, but prepaid cards may charge a fee every time you use the card.
In addition, shoppers should make one extra purchase this season, the center said.
“If you plan to do any online shopping next week, now is the time to invest in some software (typically between $20 and $40) and install it to make sure there are no known threats already in place in your computer,” the ITRC said.
Shoppers aren’t the only cyber targets this time of year, as cybercriminals can also use bots – computer programs designed to mimic an actual user – to infiltrate retailers for a variety of data. Hackers can use bots to steal proprietary data, such as pricing or inventory information, or stored information, such as a customer’s credit card or gift card number. Not all bots are bad, so experts urge retailers to use a solution that allows the harmless ones, such as Google’s search engine optimization bots, to do their job while preventing the others from infiltrating.
Rami Essaid, CEO of Distil Networks, told the NRF’s STORES Magazine that while there are fewer “bad” bots around now, the current ones are more complex. Just like shoppers, these bots will come out in droves this holiday weekend. Retailers need to make sure they’re protecting their online enterprise when they’re developing their loss prevention strategy.
“Why would you spend more on security guards for physical loss prevention without putting at least that same amount of security online to thwart the ‘bad’ bots,” he said.