From Discounts to Data Breaches

Christmas is around the corner, and with Black Friday and Boxing Day Sales just as eagerly anticipated, the holiday season has become a paradise for bargain hunters.

What was once a single-day event has now evolved into weeks of sales, often stretching across November and December. While this extended shopping period gives consumers more time and flexibility to score deals, it also creates a larger window for cyber criminals to target unsuspecting shoppers.

The longer shopping period gives cybercriminals extended opportunities to deploy scams, phishing attacks, and other cybersecurity threats. Advances in AI technology have only amplified these risks, enabling hackers to create increasingly convincing fake emails, websites and advertisements. AI allows these scams to mimic trusted brands with precision, making them more likely to deceive even cautious shoppers. 

For organisations, unfortunately the risks are even greater, as employees shopping on company devices or falling victim to scams can expose sensitive networks and data. AI-driven phishing attacks are harder to detect, and malware downloads from seemingly legitimate sites can open the door to ransomware or unauthorised access to business systems. 

Read on for a bite-sized breakdown of what to, and not-to do, when taking advantage of discounted Christmas offers… 

For Individuals: How to Shop Safely 

1. Watch Out for Phishing Scams
• Beware of emails promising unbelievable discounts or urgent calls to action like “Hurry, sale ends in 30 minutes!” 
• Always check the sender’s address and avoid clicking on links unless you’re certain they’re legitimate.
• Check out our handy 5 minute guide – how to spot a phishing email, for an example of what to look out for.
2. Stick to Trusted Retailers
• Only shop on websites you trust and double-check the URL for accuracy. 
• Ensure the site uses HTTPS (look for the padlock symbol in the address bar). 
3. Be Wary of Social Media Ads 
• Fake ads and giveaways on platforms like Instagram or Facebook can redirect you to phishing websites. 
4. Avoid Public Wi-Fi 
• Shopping on public Wi-Fi can expose your data to hackers. Use a VPN to encrypt your connection if you must shop on the go. 
5. Keep Your Devices Secure 
• Ensure your devices are running the latest updates, and use strong, unique passwords for shopping accounts. 

For Businesses: Protect Your Network 

Employees shopping online during work hours—often on company-owned devices—can unintentionally expose your business to significant cyber risks. Here’s how to mitigate these threats: 

1. No Shopping on Company Devices 
• Enforce a policy against using work devices for personal shopping. 
• Personal shopping increases the likelihood of malware infections, phishing attacks, or unauthorized downloads on company systems. 
• Utilise solutions like Microsoft Intune to enforce policies that restrict non-work-related browsing or shopping on company devices. Intune’s Mobile Device Management (MDM) capabilities allow you to apply conditional access rules, ensuring work devices are used strictly for business purposes.
2. Educate Employees 
• 82% of cyber security breaches involve a human element, yet less than a third of businesses report their staff have undergone any formal cyber security awareness training. Why not take advantage of training solutions like our User Awareness Training to help employees identify phishing emails, fake websites, and other scams. 
3. Monitor Network Activity 
• Black Friday and Boxing Day are a prime time for cyber attacks. Use advanced threat monitoring to detect unusual activity on your network. Consider leveraging solutions like Microsoft Defender for Endpoint to provide advanced threat monitoring and detect unusual activity in real time across your network. 
4. Update Endpoint Security 
• Ensure all devices connected to your network have updated antivirus software and endpoint protection. 
• Utilise solutions like Microsoft Endpoint Manager to ensure all devices connected to your network are running the latest antivirus software and patches. 
5. Back-Up Data 
• A robust backup strategy ensures your business can recover quickly if hit by ransomware or another attack. 
• Consider implementing Azure Backup to protect your critical data and ensure it can be quickly restored in the event of a ransomware attack or system compromise. Combine it with Azure Site Recovery to maintain business continuity by replicating workloads to the cloud in real-time. 

Holiday shopping doesn’t have to come with cyber security risks. By following these tips, you can enjoy the best deals without falling into cyber criminals’ traps. For businesses, setting clear policies and reinforcing security measures ensures that the shopping season doesn’t lead to costly breaches. 

---

Need help safeguarding your business during high-risk periods? Our cyber security experts are here to support you. Get in touch today.