In many ways, 2020 has been a year like no other, and the holidays will likely be unusual, too. With COVID-19 numbers spiking worldwide, there will be less holiday travel, fewer gatherings, and much less in-person shopping.
Holiday shoppers and revelers are adjusting their behavior to these conditions, and cybercriminals are, too. An enormous boost in online shopping — not just for presents, but for groceries and other items people would typically buy in person — presents a much broader threat vector for online scams.
For companies with employees working from home, that means their staff will also be shopping from home and interacting with friends and family online, all using the same computers, mobile devices, and network connections. This year, it will be especially crucial for your staff and your clients to remain vigilant regarding online threats.
Some of these threats are designed strictly to steal payment information (an easy target when shopping online). Others harvest user credentials that can be leveraged for business email compromise (BEC) and other types of attacks.
Guard the Shopping Cart
Online shopping presents a massive opportunity for cybercriminals, so users should follow some simple protocols to keep their personal and payment data safe.
A few of the more obvious ones: only shop on legitimate websites, only shop with retailers that you know and trust, and make sure there is an ‘https:’ at the beginning of the retailer’s URL. Besides typo-squatting scams that rely on brand impersonation to harvest personal data, there are also scammers building too-good-to-be-true discount shopping sites. A number of these sites have already popped up on Facebook, for example, offering steeply discounted Lego sets. But these sites are just harvesting payment information.
Also, make sure that employees take precautions when using public Wi-Fi. They should never enter payment or personal information on an unsecured network or unsecured device. They should also use two-factor authentication and strong passwords to protect their login information.
Holiday Phishing Trips
Email-based phishing scams also increase during the holiday season. Common scams try to trick users into clicking on malicious links by claiming a credit card has been suspended, a shipment is delayed, or an order has been canceled.
Likewise, fake charity and mobile app scams use the same psychological tricks to steal payment data.
Even during the holiday season, it’s important to maintain a commitment to training end-users to help them identify these emails and to avoid clicking on links or attachments from unknown sources. There are phishing simulation tools that can help identify the employees most likely to fall for these scams and target additional training toward the weakest links on the network.
Remote and Secure
Remote work has added a new wrinkle to the usual holiday cybercrime activity. So many employees are at home, often with their guard down a bit, and that potentially puts their remote network connections and cloud-based applications at risk.
Adobe Analytics reports that roughly one week into the season, online shopping is up 21 percent compared to last year. That is primarily due to the pandemic. In other words, every day is Cyber Monday now, and companies should take care that remote employees are only accessing the corporate network using a secure device and a secure connection.
Investing in robust cloud security solutions and email protection systems that leverage artificial intelligence to automatically spot phishing, BEC, and other types of attacks can help keep remote employees working safely.
This holiday season will be challenging for companies and their employees on multiple levels. By putting policies, training, and technology in place to guard against seasonal cyber threats, you can safely ring in the New Year with your data, network, and applications intact and secure.