Cumbria Times
A Voice of the North
Jamie Durham
IT Correspondent
9:03 AM 10th December 2020

Keeping Your Staff Safe During Sales Season

With Black Friday – and its online cousin, Cyber Monday – having delivered the usual frenzy of Christmas orders, commentators expect December to signal the start of two months’ worth of online sales.

And, as the lines between work and home life become increasingly blurred, chances are, employees will be using their company devices to browse for bargains. So, how can employers ensure colleges stay safe online?

In the US – the birthplace of Black Friday and Cyber Monday – a survey of over 2,000 workers by IBM found that even though eight in ten respondents were confident in their company’s ability to handle cyberthreats stemming from remote work, nearly half didn’t receive any additional cybersecurity training since ‘going remote’.

And, with many firms rushing the move to WFH – and lacking a remote-working policy – there’s a chance that colleagues will spend breaks and non-working hours surfing the web for the best deals and perfect gifts.

So, with promises of ‘click here for 40% off’ or ‘find your 50% discount code attached’ set to fill our inboxes over the coming weeks and months, cyber security needs to be at the very top of your shopping list.

Recap on the basics

Whether it’s part of your Monday morning stand-up or a monthly call, now’s the time to remind personnel of the things to look out for in the months ahead.

As teams race to box off one thing after another before the Christmas break, it’s times like these when taking care of your tech can take a back seat. And staff can be the weakest link in your business’s cyber-strategy if they’re uninformed about the potential dangers lurking online.

Whether it’s spotting those deals which really are ‘too good to be true’, clocking a fraudulent email attachment, or embarking on a casual spot of online shopping, the risks are there – and unfortunately, human error is often the cause of data breaches and cyber-attacks.

By taking the time now, to remind everyone of the tactics used by cyber criminals, they should be more vigilant when it comes to using their company device.

Remember your role too

It’s not just personnel who need to remain on their toes though. By having a cyber security package that’s tailored to your business, you’re in the best position to protect your company – and colleagues – 24/7.

No matter what you may have heard previously, there is no one-size-fits-all solution when it comes to safeguarding your brand’s reputation, data, and bank account, so make sure your tech support team – be it in-house or outsourced – constantly keeps their finger on the pulse of the best solutions.

Cyber criminals are surprisingly savvy when it comes to finding sneaky new workarounds, so your security strategy should evolve from month-to-month.

And finally, beware of the ‘Colonel Effect’?

No, we’re not talking about KFC’s Christmas deals. This phishing technique is one which exploits the chain-of-command within a firm, by leading employees to believe they are required to give their personal or financial information to a senior member of the team – often for a Christmas bonus, or as payroll updates for their records heading into 2021.

Organisations which share their company structure and email format online are easy targets for a phishing attack, with cyber criminals masquerading as the HR director or payroll manager and promising a big payday upon receipt of bank details.

The success of a phishing attack using the ‘Colonel Effect’ principle is very reliant on poor internal communications, and larger organisations where colleagues may know those ‘above’ them but might not necessarily have an open line of communication.