Staying cyber safe this Black Friday & Cyber Monday (Part 2)

HomeThinking → Staying cyber safe this Black Friday & Cyber Monday (Part 2)

Tips for navigating the online sales without falling victim to cyber criminals

Part 2: Cyber safety tips for businesses

In Part 1 of this post, we looked at ways consumers can minimize their risk of having personal and financial details compromised when shopping online. However, it’s not just consumers at risk, the peak shopping periods of Black Friday and Cyber Monday also put businesses’ cyber security on the line. In part 2 of this post, we look at what organizations can do to minimize the risk of falling victim to a cyber attack during one of the busiest online shopping periods of the year.

For many businesses, digital channels represent the modern shop window. With record numbers of transactions aligned to bargain-day incentives1, cyber criminals may seek to steal money, customer data and payment card information or simply cause business disruption which can damage both your brand and bottom line.

It is no coincidence that the retail sectors shift online over the last decade has coincided with a rise in targeted cyber attacks. In fact, Trustwave’s 2019 Global Security Report found the retail industry to be the single biggest industry for cyber crime, accounting for 18% of all cyber attacks2. As businesses ready themselves (and their digital platforms) for the online stampede of bargain hunting shoppers, it is imperative that good cyber hygiene doesn’t get forgotten in the race to meet demand and remains a central part of the planning process.

The basics often go a long way, so in addition to continuing good practices here are five tips to help your organization stay cyber safe this sale season:

  1. Understand your risk: this may seem obvious, but it can be the most important. If there is about to be a change to your business (e.g. a doubling of typical online traffic) then it’s important to understand how this can affect your risk position and determine whether you have the right defenses in place.
  2. Tune your defenses: Even with a wide arsenal of tools available to help protect your organisation from cyber threats, it can be difficult to stay ahead of those working against you. Given the heightened demand (and potential threat) it’s important to tune your tooling effectively. Marketing in a new geography? Tailor your tooling to factor this in. Utilizing a new platform? Make sure you have appropriate visibility in your existing security monitoring. This doesn’t need to mean masses of new work or tooling but making the most of your existing investments can do a lot of good.
  3. Get ready to respond: with peak sales occurring over a short period of time, the cost of an incident will likely be far higher than other times of the year. Aside from the technical aspects of readying systems (capacity, bandwidth etc.), it’s important to scale your response teams (or partnerships) to protect online revenue streams. If something seems different, investigate. On days such as Black Friday or Cyber Monday, anomalies are everywhere – last year Cyber Monday broke sales records with a spend of $7.9bn in the US3. In a time of constant data and shopping records, it’s still important to appropriately investigate those incidents which do occur. They may well be false positives, but if they are something more serious – it is better to catch them early.
  4. Monitor, monitor, monitor: visibility can provide insight into what’s really going on from a security perspective. If there are critical platforms, data sets or user groups which pose a larger threat to an online business model, it’s a good idea to monitor them and tune your alerts and alarms so that you get the right information to be actionable at the right time.
  5. Don’t cut corners: organisations increasingly hear that security is a board-level priority – and they need to hold themselves to account. If the potential impact associated with a technology change raises concern from a security perspective, it should be addressed at the appropriate level and dealt with accordingly. In some cases, implementing the required security measures may add time and costs to a digital project but this far outweighs the potential losses and fines associated with cutting corners and being unprepared.

 

Keep your organisation cyber safe
This is not an exhaustive list – in many cases these processes will already be in place – however as we ready ourselves for the busiest weekend in online sales of the year, it is important to remember the essentials: understand your risk, the potential business impact and manage it accordingly.

Click here to read Part 1 of this blog post: Cyber safety tips for Consumers

For further information on the issues covered by this article, please get in touch.

Click here to subscribe to the Aon’s Cyber Solutions Blog and receive our latest insights directly to your inbox.

 

  1. https://www.salecycle.com/blog/strategies/black-friday-ultimate-ecommerce-guide/ citing Adobe Analytics 2018 online shopping data for Cyber Monday and the holiday week overall
  2. https://www.trustwave.com/en-us/company/newsroom/news/new-trustwave-report-underscores-progressing-global-cybersecurity-threats/ citing Trustwave’s 2019 Global Security Report
  3. https://news.adobe.com/press-release/experience-cloud/adobe-analytics-data-shows-cyber-monday-broke-online-sales-record-79


Cyber security services offered by Stroz Friedberg Inc. and its affiliates. Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates. Aon UK Limited is authorised and regulated by the Financial Conduct Authority in respect of insurance distribution services. FP.AGRC.238.JJ The following products or services are not regulated by the Financial Conduct Authority:
• Cyber risk services provided by Aon UK Limited and its affiliates
• Cyber security services provided by Stroz Friedberg Limited and its affiliates.


Copyright 2021 Aon plc. All Rights Reserved.


Copyright 2021 Aon plc. All Rights Reserved.
Cyber security services offered by Stroz Friedberg Inc. and its affiliates. Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates. Aon UK Limited is authorised and regulated by the Financial Conduct Authority in respect of insurance distribution services. FP.AGRC.238.JJ The following products or services are not regulated by the Financial Conduct Authority:
• Cyber risk services provided by Aon UK Limited and its affiliates
• Cyber security services provided by Stroz Friedberg Limited and its affiliates.