Karl Barton, Senior Director of International Channels and Alliances at SecureAuth, offers up some top tips for safeguarding businesses during online sales.
In the age of digital transformation, more and more consumers are turning to ecommerce retailers for the convenience of shopping from anywhere, at any time, from different devices, with the additional bonus of exclusive online discounts. Amazon Prime Day is a global shopping event for Prime members, with big savings and deals similar to Black Friday in the autumn. Shoppers eager to take part in online sales such as Amazon Prime Day and the general summer sales will often hunt for deals from home, on the go, or from their place of work.
At the same time, cyber attackers love the increased online activity, with its sheer volume of valuable consumer information and the opportunity to invade private business networks. Employees who shop from company-issued devices, or who bring new devices such as smartphones, tablets, and smartwatches and connect them to the corporate network, can frustrate IT teams and introduce new threat vectors.
Here are some top tips for safeguarding businesses during online sales and periods of increased online activity.
1. Beware of the Phish
Ahead of a major sale event such as Amazon Prime Day, organisations and employees should expect an increase in phishing attempts. Phishing is one of the most effective means for cyber criminals to access corporate networks. With stronger cybersecurity measures being deployed each year, phishing campaigns have become more targeted. Combined with the sheer volume of emails from payment processors, retailers, and delivery companies, this makes it difficult to tell genuine retailer notifications from well-crafted phishing attempts.
2. Update user authentication methods
Corporations need an approach that protects both the user and the business at the access point. Attackers gaining access with stolen and compromised credentials is a major cause of data breaches, according to the Verizon Data Breach Investigations Report 2018. Username and password combinations are notorious for offering suboptimal security. Adaptive authentication, however, is one approach that strengthens identity and access management without negatively impacting usability. That's because risk checks are completed without users even being aware of them, and multi-factor authentication is applied only if risks are detected.
3. Limit user privileges if a compromised device is suspected
Businesses should make up-to-date email filtering tools and malware defences mandatory for all devices, including BYODs. In the event of any anomalous activity, it is crucial that employees have a clear strategy on what to do if they suspect their device has been infected.
4. Implement regular security training programmes
Training will help recruit employees as part of the organisation's defences, as user vigilance helps monitor activity for phishing attacks. However, this is only effective if they know what to look for. Equipped with the knowledge they need to spot these attacks, employees can flag any potentially malicious emails to security personnel before an incident occurs.
5. Perform regular penetration testing to identify weaknesses
It is essential that organisations understand where vulnerabilities lie. Penetration testing allows security teams to gauge the security of the infrastructure, find vulnerable environments, and apply the appropriate measures to address these weaknesses.
Businesses will be hard-pushed to stop employees from shopping online or accessing personal emails, and malicious attackers will never stop trying to gain access to enterprise systems. However, if security teams can recognise security vulnerabilities and adopt an adaptive and proactive approach that ensures smooth authentication for employees, businesses will be in a strong position to defend against attacks.