Black Friday is an iconic retail tradition drawing large crowds of shoppers into stores and online to snag great deals. For some shoppers, Black Friday is a tradition of marathon shopping. For businesses and other organizations, increased card swipes and online traffic open the door for significant cybersecurity threats.

Did you know that in 2021, during the COVID-19 pandemic, 115 million consumers shopped during Black Friday, including in person and online? The darker side of the internet is well aware of this influx of activity. While consumers (i.e., your employees) are gearing up to spend big, hackers are getting ready to capitalize on this opportunity.

To better prepare our readers and clients, we have put together this article that provides insight into the history of cybersecurity and Black Friday, what hackers are doing during this time, and how you can keep your employees safe while enjoying your turkey.

How Hackers are Spending their Black Friday

In 2020, Black Friday sales increased, and the prevalence of new digital touch points expanded hacking opportunities. In 2021, malware attacks increased by 300% while all types of cyber-attacks increased 10% across the board. This signals one single source of truth – scammers are more active when consumers are more active.

Whether you stand in lines for a genuine Black Friday retail experience or you browse deals from your smartphone – cyber-danger is lurking in unsuspecting places.

While you are enjoying your Thanksgiving and Black Friday holiday, hackers aren’t relaxing. They are very likely using that time to ramp up their attacks on your organization’s data while cybersecurity is less of a focus.

Imagine this scenario: You’re relaxing after eating a huge meal and you're scrolling through Black Friday deals in anticipation of kicking off holiday shopping.

You click a link from an unremarkable email in your inbox, discover great deals from the trusted name-brand site it mentions, and load up your shopping cart. You checkout, complete your transaction, and get back to your relaxation.

Cybersecurity Threat

Image Credit: Standret

Then a few days later, you're metaphorically slapped across the face with a series of fraudulent charges on your credit. Immediately your mind begins to race as a feeling of dread takes over and you frantically try to retrace your steps.

You discover that your identity has been stolen, your employer’s network has been hacked, and their vital data held for ransom for millions of dollars. To top it off, their cyber insurance premiums just skyrocketed because of this incident.

Anybody would have a hard time feeling thankful after that.

How does this happen? An ecosystem of hackers is busy at work discovering new ways to exploit your personal and professional data while there are less people trying to mitigate their attacks.

If major retailers with significant cybersecurity measures can be breached, any organization with basic cybersecurity is vulnerable.

But who’s responsible for providing a safe environment? Consumers bear some responsibility, but ultimately it’s the organizations that employ them and businesses that they shop with that need to ensure they are taking proactive computer security measures.

Increased cybersecurity risk is a big problem for day-to-day operations, but it’s an even bigger problem for rising insurance premiums. Business insurance policies typically cover some element of cybersecurity coverage. Or, some businesses may carry additional cybersecurity coverage to appropriately protect against their risk level.

Either way, the cost of a cyberattack has been increasing year over year, driving up risk and subsequently increasing insurance premiums. What can you do to lower these premiums and help protect your employees this holiday season?

How to Keep Your Employees Safe This Holiday Season

Retailers aren’t the only ones that need to think about cybersecurity this holiday season. Most companies have some amount of exposure. Any company that issues devices like smartphones, tablets, or computers to their employees should consider the possibility that these devices can be hacked.

If your organization is connected to a supply chain, you’re vulnerable. If your company uses third-party vendors, you’re vulnerable. If your company has software like an Enterprise Resource Planning (ERP), Point of Sale (POS), Customer Relationship Management (CRM), or other tools that are full of valuable data, you’re vulnerable.

  • Keep your employees and your organization safe by:
  • Utilizing the benefits of Multi-Factor Authentication or Two-Factor Authentication
  • Setting up a Virtual Private Network (VPN) for remote employee access
  • Providing updated employee cybersecurity training with seasonal reminders timed before the start of the holiday season

The History of Cyber Attacks During Black Friday

Cyber-attacks come in many different forms. While card skimming and phishing scams are prevalent year-round, hackers have been known to bring down the holiday spirit in other ways. Here are a few common cybersecurity threats to watch out for this holiday season.

Redirects & Traffic Overloads to Disrupt Devices

While we usually think of cyberattacks as an attempt to gain financial information or steal sales, hackers have all kinds of tricks up their sleeves. As tech-savvy consumers are more digitally connected to the brands they shop – in apps, online, and in-store – we expect to see more ‘denial of service’ types of attacks where hackers send bogus traffic to servers in order to disrupt the consumer shopping experience and potentially divert sales.

What measures can your organization take to lessen its cybersecurity risks during Black Friday? Take our 1-minute quiz and find out.

Phishing Attacks

Over a two-week period between November 27 - December. 15, 2013, Target suffered a $300 million data breach resulting from a phishing scam accessed through a third-party vendor. The hackers had free access to the retailer's Point of Sale (POS) system, including consumer credit card information. Shoppers that headed out to this major retailer to snag Black Friday deals unknowingly handed their credit card data over to a malicious third party.

A phishing scam occurs when an employee opens an email attachment that appears to be from a reliable or known source and unsuspectingly downloads malicious files. Once the download occurs, the files can sit dormant inside a system for weeks or months just waiting for the perfect opportunity to exploit.

Organizations that have sensitive data must be aware of these cybersecurity terms and hacker strategies during the holiday season.

Malicious Code

And in November 2019, an online chat support software provider found malicious code embedded in one of its products, exposing more than 1,500 websites using LiveHelpNow to power their chat-based service features.

For organizations that are struggling to keep up with the rising insurance premiums and might not renew their agreements, these three cybersecurity risks are even more important to keep in mind.

Cybersecurity Threats, Hackers, and Black Friday, oh my!

Cybersecurity threats ramp up when your employees’ spending increases, especially during the Black Friday. The increased online traffic is the perfect opportunity for hackers to move around with less resistance. Across the board, there’s an uptick in phishing scams, malware installations, and nefarious disruptions that cost organizations billions in losses.

The increased risk often translates to higher insurance premiums. This is one area where you may be able to proactively control expenses by bulking up your security measures, such as cybersecurity awareness training, enabling MFA, and using protected VPN’s.

Do you need help meeting your MSP IT needs? Learn more why dozens of organizations trust our team to keep them safe during the holiday season.

Free Cybersecurity Essentials Handbook for Small Organizations