How to prevent employees from being scammed around the holidays

Around the Black Friday and Cyber Monday weekend, employees will undoubtedly be distracted by looking for the latest bargains offered by retail stores both online and in-store. However, due to the ongoing effects of the pandemic, many employees are most likely to be shopping online. This weekend is also an opportunity for many employees to do their Christmas shopping ahead of time.

Unfortunately, this shopping weekend is a lucrative opportunity for cybercriminals to target shoppers, who may fall into the trap of phishing and social engineering scams. According to Kaspersky, online payment fraud surged by 208% between September and October 2021, with 1,935,905 financial phishing attacks disguised as e-payment systems during October.

With many employees also using company devices for personal use, organisations must remind employees of best practices for staying safe and secure online.

Top tips to advise employees:

1) Remind employees of stringent IT policies

Employees must be reminded to follow stringent IT policies and compliance requirements, and to avoid using company-owned devices for personal purchases. While it can be tempting to keep an eye on bargains whilst working, employees should not be doing this on their work laptops or phones, even during break times.

2) Shop smartly

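Tell employees to shop only on trusted websites and to pay by credit card over a secure connection – remember to check that the website address starts with “https://”. Note that “https://” only shows that the connection is encrypted, not that the site itself is legitimate, so it is a minimum check rather than proof of trust. Don’t forget to monitor bank accounts for any suspicious activity, so banks can be alerted at once if scammers do manage to infiltrate bank accounts.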

3) Be aware of phishing scams

Employees need to watch out for phishing and social engineering scams targeting shoppers with bargain prices – always triple-check any URL before clicking on it by hovering over the link. Support employees with phishing awareness training and check their alertness with our phishing simulation tool to truly understand whether employees know how to spot a scam.

4) Remember good password hygiene

When logging into accounts for each online retail store, educate employees to use a solid, unique password for each one. Make sure the password contains a minimum of eight characters, a mix of upper- and lower-case letters, numbers and symbols. Good password hygiene will help reduce the likelihood of details being compromised in a data breach.

5) Use added security barriers such as 2FA & MFA

Where possible, teach employees to use two-factor or multi-factor authentication to log into accounts to prevent others from accessing their accounts. If a password has been compromised or cracked by a cyber-criminal, multi-factor authentication requires the hacker to bypass the one-time password, which is usually a code sent via email or text to the account holder’s number. This second barrier to entry makes it harder for hackers to get in and make purchases on the account.

6) Don’t fall for gimmicks

Employees must remain cautious of ads and prize contests (which are rife during this period) that look to pull and sell consumer information to third parties. Remind them not to click on anything they don’t trust or that appears too good to be true. If in doubt, always check the URL domain.

7) Finally, don’t forget overall device security

It’s vital to keep security updated on all devices, including laptops, tablets and smartphones. Remind employees to use anti-virus software and back up all files. With IT vulnerabilities constantly appearing, employees must update their devices whenever prompted or told to by IT.

Get in touch today to talk to us about how our collection of Information Security Courses can help prevent your employees from being scammed around the holidays and further reduce your organisation’s cybersecurity risk.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

James

VinciWorks CEO, VinciWorks
