Awareness is key – Why Black Friday can be a disaster for IT security
The holiday season is here, which not only means a lot of shopping trips, but also an increase in online activity. Black Friday is the perfect day to grab a great deal, but it’s also when cybercriminals seize the opportunity to exploit the increase in online traffic and decrease in user vigilance. Blurring the line between the personal and professional use of devices poses a serious security risk for organisations and IT departments often unintentionally find themselves in the line of fire.
Commercialism and digital vulnerability.
Black Friday sees phishing attacks taken to a much more aggressive level with cyber criminals seizing the opportunity to capitalise on the shopping frenzy to increase the number of attacks. That means that e-mail you received from the well-known brand may not be from them at all. Employees who hunt for bargains on their business devices or use their business e-mail addresses are at risk of clicking on a phishing link, which can lead to malware infections such as ransomware. The result can be enterprise-wide attacks that hold valuable data and business processes hostage with far-reaching implications ranging from downtime and lost productivity to data breaches and damage to a company’s reputation.
The IT security challenge – Balancing the personal with the professional.
It’s becoming increasingly difficult to separate personal and professional use of devices and e-mail addresses as employees work from multiple locations, creating vulnerability in the IT environment. One risk is posed by using business devices to make private purchases. If an employee receives a deal to their personal e-mail address and opens it on their work device, they can cause a malware infection to quickly spread throughout the corporate network. Phishing attacks targeting login credentials can compromise business accounts, allowing attackers to access corporate information and launch further attacks within the organisation’s network.
A spotlight on Black Friday.
Days like Black Friday call for a growing need to focus on security. IT departments can run phishing simulations to help employees detect fake offers, but it’s also important to have clear guidelines on using business devices for personal purposes as this will significantly minimise risks and prevent company’s IT infrastructures from being exposed to attacks originating from a staff member’s private life.
Conclusion – Leveraging technology and raising awareness as the keys to success.
Major shopping days such as Black Friday can pose a serious threat to organisations’ IT security and using business devices and e-mail addresses for personal reasons makes a company more vulnerable to cyberattacks. The impact of a successful attack can be significant—ranging from a malware infection to the loss of business-critical data. The solution? Combining technology and awareness. IT departments must optimise their security systems and make employees aware of the risks, training them in how to be safe online—critical during periods such as Black Friday. Businesses that take this challenge seriously can better protect themselves against growing threats.
Joris Rooijackers