Six Cybersecurity Tips for the Holiday Shopping Season

Ho, ho, ho, hold on before clicking on that link advertising an amazing deal this holiday season.

Phishing, that ever-present and ever-growing organizational concern, is a preferred attack method for hackers because of its relatively simple premise: deceiving a user into clicking a link that allows access to personal information. Even with the flurry of activity surrounding Black Friday and Cyber Monday now in the books, cybercriminals still have all of December to take advantage of both consumers and organizations through phishing schemes.

The primary concern surrounding holiday phishing is to protect the regular consumer, but phishing can be just as threatening for organizations. An employee could cause a breach by clicking a malicious link from a personal email that they’ve accessed at work or by falling for a phishing scheme sent to their company email. So how can organizations make sure their people don’t give them the unwanted holiday gift of a security breach?

Here are six tips to help you and your end users get your holiday shopping done safely:

  1. Organizations: refresh the topic of phishing to your employees

Remind employees how to recognize and report a phishing email. Phishing is effective because it creates a sense of urgency, which is something that might stand out as suspicious in April, but blends in right now in a season full of ads urging users to “act before this deal disappears.”

  1. Be proactive; eliminate the attack before it reaches your employees

Your people don’t need to be the first defense against suspicious holiday deals. We recommend having an email security solution in place to provide targeted threat protection against spam, malware and phishing.

  1. Do your shopping on a secure network

We’re all connected all the time. To keep your personal information (name, address, credit card) and devices safe, always connect to a secure network.

  1. Verify shipping updates and tracking numbers manually

The most popular phishing emails during the holiday season contain malicious links disguised as shipping updates or delivery notifications. Never click on tracking numbers; copy and paste the number (or write it down) and use the carrier’s website to get your update.

  1. Delete deals with attachments

Think about it: when have you ever gotten an attachment from Amazon or Target? Vendors include sales information directly in the body of an email. If you see an attachment, don’t click; it may contain malware.

  1. Don’t click on popup ads

Popups may be tempting, but cybercriminals often use them to direct you to malicious websites, so it’s best to stay away. For safest surfing, go directly to the vendor’s website or, even better, their app.

How can Schneider Downs Help?

Our cybersecurity practice is comprised of experts in multiple technical domains. We offer phishing simulation assessments that will help your organization build resilience against these types of actions. Our customized assessments replicate real-world attacks and are conducted by our team of skilled professionals in a controlled and secure environment. Learn more about our cybersecurity services at www.schneiderdowns.com/cybersecurity or contact us at cybersecurity@schneiderdowns.com.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2020 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

NSA Makes Unprecedented Vulnerability Disclosure - Microsoft Vulnerability CVE-2020-0601
Wawa's Data Breach
Cybersecurity BY Sara Hudak
New Orleans Under State of Emergency Due to Ransomware Attack
Brian Krebs Sheds Light on Cybercrime at Pittsburgh’s Premiere Cybersecurity Event
Ryuk Ransomware Facts and Protections
Russian Hackers Indicted in Pittsburgh

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office
Pittsburgh

One PPG Place, Suite 1700
Pittsburgh, PA 15222

contactsd@schneiderdowns.com
p:412.261.3644     f:412.261.4876

Map of Columbus Office
Columbus

65 East State Street, Suite 2000
Columbus, OH 43215

contactsd@schneiderdowns.com
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102