Black Friday, and the following Cyber Monday, represent that time of year when the best deals and prices are on offer at retailers and ecommerce platforms.
The shopping frenzy often means that security and personal information is treated as an after-thought, “as opposed to something that is baked into our online shopping behaviours,” says Haroon Malik, Director of Cyber Security Consulting at Fujitsu UK.
“Both consumers and retailers must take steps to protect personal information at a time where cyber scammers and hackers are searching for their Black Friday deal on our personal data and information.”
Retail organisations, like organisations in other industries, must adopt a ‘security by design’ approach, where security is built into every step or process a customer may go through when purchasing a product.
“Because technical controls can only go so far to protect data, the responsibility shouldn’t rely on organisations solely: consumers also have an obligation to be aware and vigilant to protect their data,” says Malik.
“Phishing attacks increase by as much as 336% around Black Friday, which means customers are more at risk to email, text and social media scams than ever before. While it’s easy for customers to get distracted by Black Friday activities, organisations need to do more to alert and educate them on simple best practices, such as recognising deals that might be ‘too good to be true’ or using public Wi-Fi networks with caution.”
“In today’s digital world, no one is immune from data theft. Every day there is a new exploit or vulnerability and the security landscape is constantly evolving. This Black Friday, scammers will be taking full advantage, which means organisations need to take a more holistic approach to protecting themselves, their employees, as well as customers. Retailers that show concern for the security of customer data and information will be the ones which benefit from increased customer loyalty and trust.”
How do your favourite retailers fare?
Sectigo, the world’s largest certificate issuer, has studied 25 major UK retailers and provided a ranking, according to how effectively they maximise trust with their site visitors. To receive top marks, an online shop must present its authenticated identity in a branded address bar and prevent “Not secure” warnings from displaying.
A mere 9 out of 25 top UK retailers earned the best possible ranking for using certificates to optimise browser trust indicators for their sites.
Key to the Sectigo Rating results:
Green = Company branded address bar visible starting on home page; no “Not secure” warnings.
Yellow = No company branded address bar on home page; no “Not secure” warnings.
Red = No company branded address bar on home page; “Not secure” warnings present.
Avoid the Black Friday security threats
Here are three tips from Malik on what organisations should be communicating to customers this Black Friday:
• Be vigilant and aware: People are the weakest link! While technical controls go part-way to protecting personal data, vigilance and awareness (especially when something is not right) are the key attributes to help protect data and information. Consumers need to try to understand which apps and platforms are genuine and secure, and should be extra cautious. Beware of the deals that are too good to be true as there’s a high probability of you getting scammed. Fraudulent scammers pretend to be legitimate online sellers by using a fake website or posting a fake ad that looks too tempting to resist.
• Update passwords: We’re living in an age where we use passwords for absolutely everything and every service. The mistake we often make is using the same password for every service or application. This is an absolute no-no because there is a significant chance that all the services that use this password will be compromised if one is hacked. The advice we should be giving to consumers this Black Friday (and going forward) is to change passwords regularly and make them as ‘complex’ as possible. Using tools such as a password manager – a virtual vault that stores all complex passwords – makes password management much easier.
• Be mindful of public Wi-Fi networks: More and more, online shopping is being done over public Wi-Fi networks which are not always secured by default. This is fine if consumers are just browsing, but if they are transmitting credit card details or sharing any personal information they should be wary when using unsecured Wi-Fi networks as the traffic may not be encrypted and will be available in plain text. Data that is sent over a regular HTTP connection, between your browser and the website that you are connected to, will be in plain text and therefore can be read by any hacker looking to exploit you. HyperText Transfer Protocol Secure (HTTPS) is the secure version of HTTP, where all communications are securely encrypted. The Site Identity button (a padlock) appears in your address bar when you visit a secure website using HTTPS.