Online shopping during last year’s Black Friday surged by around 22% in a record-breaking haul for eCommerce. But whilst consumers are making the most of peak season discounts, the Black Friday period is now one of the most lucrative times of the year for hackers, who are looking to take advantage of the influx in transactions and financial information shared online. Increased mobile commerce, higher spending and elongated shopping hours creates the perfect environment for the cyber vulnerability that attackers are waiting to take advantage of.
Cyber criminals today are becoming smarter and more cunning, and are looking to capitalise on the opportunity Black Friday and Cyber Monday presents. Today, there are a plethora of threats that could severely harm businesses. It is crucial that they prioritise cybersecurity and take the necessary precautions to safeguard their operations. For SMEs, with a smaller budget and less resource to staff an in-house security team, developing a comprehensive cybersecurity strategy is essential in helping to protect against attacks. This should focus on three key areas: people, processes and technology.
People: Reducing human error
Since the start of the pandemic, phishing attacks have soared over 200 percent and cybersecurity providers have been advocating for employee education within organisations, to help individuals recognise a malicious email or suspicious activity. However, human error remains a significant challenge for organisations, and an IBM study revealed that it is responsible for 95 percent of breaches. It is impossible to eliminate human error in its entirety, but by reducing the opportunity for error, championing a security-focused culture and providing mandatory, in-depth training, businesses can stop human error from being the weakest link.
With attacks on the rise during this period, smaller businesses need to take responsibility for the training of their workforce. This will help combat the likelihood of breaches made possible by un-educated teams clicking on a malicious link within their enterprise’s network.
Process: Fostering an open, collaborative culture
Empowering employees to come forward when they believe they have spotted a potential threat is essential in reducing human error. Collaboration is already a key tenet for SMEs looking to grow their team, and it has equal benefits for bolstering cybersecurity. Establishing clear, structured guidelines on how an employee can report a potential breach will help to foster a more open work culture. And employees who are left in the dark, or feel unsupported by their organisation, are less likely to feel confident in admitting to mistakes. This could lead to larger, more far-reaching data breaches.
The onus is on organisations to integrate cybersecurity strategy and process from the top down. Businesses that embed a culture of safety, acknowledge that people make mistakes, and promote speaking up, can better protect themselves from cyber-attacks. One of the ways to improve processes is through rewarding employees with non-monetary incentives, which can create a domino effect that encourages others to speak up. It’s also important that business leaders model the behaviours recommended to employees. Educating management on how they communicate the importance of cybersecurity is vital to the security of employees and helps to maintain a strong company reputation.
Technology: Deploying the right solution
In addition to people and processes, SMEs looking to prepare for the upcoming and future peak seasons must harness the power of technology to protect their businesses from hackers and reduce the magnitude of an attack. An Intrusion Detection System (IDS), Security Information and Event Management (SIEM) system, malware detection, email filtering and scrubbing and end-point detection tools are just some of the solutions available that can increase visibility and manage threats in real-time to protect and improve networks.
Given the vast, sometimes overwhelming choice of cybersecurity solutions, it can be difficult for organisations to know the best route to take. This is why the smartest decision for smaller businesses is to outsource to the experts. By partnering with a security services provider, businesses can still make cyber security a priority and take advantage of the best of breed solutions, without having to spend a fortune on in-house tools or losing focus on other areas. It can also free up time for business leaders to focus on what matters the most to them – supporting their workforce and building their enterprise.
For SMEs without a clear cybersecurity program and dedicated in-house security teams, it can be difficult to manage the increase in threats, particularly during peak season. Alongside prioritising people, process and technology, small organisations should seek out the help of industry specialists who can act as their trusted advisor. This can ensure they understand their risk exposure and mitigate threats in both peak retail season and beyond.
Article by Rick Jones is the CEO and co-founder at DigitalXRAID