This year’s Black Friday event could be the biggest yet. Non-essential shops are closed and businesses are placing far more emphasis on their websites. Plus, a primed online audience is chomping at the bit to spend some money. An expected surge in online traffic and sales is very much on the agenda. We spoke with CRIBB’s Patrick Carolan about some of the implications for cyber security.
Patrick, how do you see the Black Friday sales going this year?
I think they will be huge for companies making online sales. As we are in lockdown, that will essentially be everyone. I think those companies will discover how robust their websites are over the last weekend of the month.
Implement multi-factor authentication for all of your web administration accounts. Do this well in advance of Black Friday to act as a deterrent against potential hacking attempts.
With an influx of online activity, these companies will need to have the right security measures in place – correct?
100% correct, because the increase in online visitors means a subsequent increase in the activities of cyber criminals. Phishing attacks increased by more than 300% around the Black Friday sales period historically. That was at a time when shops were open for consumers. Imagine how many more there will be this year.
What can online retailers do to ensure they can cope?
They need to act fast if they haven’t already, by evaluating their current cyber security framework and policies. Being proactive is crucial. They should all assume that they will be targeted. Then make sure they are communicating effectively to their customers about their procedures.
Turning to the professionals
Should they seek professional help?
Certainly if that is something they haven’t yet done. I’d suggest if you are preparing for a surge in digital custom, you think about penetration testing. That way, you can check that your website will stand up to potential attacks.
Can CRIBB Cyber Security help with penetration testing?
Yes, we can. We are very proud to be ECSA and CREST-approved testers, in fact.
Can you please tell us a little more about that?
ECSA stands for ‘EC-Council Certified Security Analyst’. CREST is a non-profit, international accreditation and certification body which offers assurance in information security. Both CREST and EC-Council qualifications are recognised around the world. With these qualifications, buyers looking at members of the cyber security community such as ourselves gain a better idea of the level of skill and competence we hold. They see us as having a strong penetration testing service, but we can help with much more than that with regard to Black Friday preparations. That was simply an example.
How else can CRIBB help companies getting ready for Black Friday?
Well, any online retailer should have a good knowledge of PCI DSS compliance. That is another area we can offer support and guidance. It is always worth re-evaluating the processes and procedures in place for something like this. Especially when the sales are approaching, and let’s not forget that Christmas is just around the corner too!
Other aspects to check on relate to the website or websites. You should double-check coding to make sure there are no changes or new elements in place. You should also check account login activity to see if there have been any suspicious login attempts.
Businesses around the world are gearing up for a bumper period as we approach the end of a year to forget. All being well, they will have a largely positive experience. If, however, you have any concerns over your existing security protocols being able to withstand the strain, contact our cyber security experts for advice. As a result of being part of theICEway ecosystem of companies along with ICE and eTestware, CRIBB Cyber Security has worked with clients in cruise, travel, healthcare and retail for many years. We are proud of our security by design ethos.