Tysers, a leading independent Lloyd’s broker and a member of the AUB Group, advises that online retailers should be wary of cyber-attacks over Black Friday and the pre-Christmas trading period and take steps to increase their cybersecurity.

“The upcoming Black Friday and Cyber Monday sales bring a surge in website traffic to online retailers, with many preparing for the biggest sales period over the next few months. However, this period can also bring increased cyber threats, with many cyber criminals looking to exploit both businesses and customers alike during this busy shopping time.”

Bethan Perris, Senior Client Executive, Tysers

Some of the main threats for retailers include:

E-Skimming

Card skimming malware (malicious software) is used by cyber criminals to acquire customer card details from e-commerce websites at the point of sale. This is often achieved by hackers targeting a vulnerable website server (or a server used to host multiple websites) and inserting malicious skimming code into the website. Once this has been implemented, unsuspecting customers enter their credit or debit card details at the point of sale, unaware that they are not on a secure checkout page, and their payment details are stolen (or skimmed) by cyber criminals in real time.

Ransomware

Ransomware is a type of malware designed to block access to a computer system until a sum of money is paid. Ransomware encrypts a user’s or business’s critical data so they are unable to access important files or applications. Once ransomware encrypts critical data and applications, it is often impossible to decrypt files without the key provided by the attacker after the ransom is paid, which is usually demanded in bitcoin or other cryptocurrencies.

Cyber criminals may target online retailers during key trading times such as Black Friday and Cyber Monday, as they know that businesses are potentially more likely to pay the ransom at these times in order to regain access to critical systems and resume trading.

Social Engineering

Social engineering is the art of manipulating people so that they give up confidential information. This often utilises methods like phishing, where criminals impersonate organisations or people via email, text message, or other means. Criminals do this in order to steal sensitive information, obtain money or deploy malicious software (such as ransomware) onto the victim’s infrastructure via malicious email attachments or links.

How can you reduce the risk of cyber attacks?

Cybersecurity and training

Robust cybersecurity is essential to protect your business, and it’s important to invest in some cybersecurity measures regardless of business size or industry. You should always ensure firewalls and antivirus software are up to date, regularly update your payment software and install any security patches from third-party payment vendors.

It is equally important for your employees to have up-to-date training to stay ahead of the increasingly sophisticated methods used by cyber criminals.

Secure Password Policies and Multi-Factor Authentication

Ensuring your business has secure password policies which require both employees and customers to choose strong passwords is essential to reduce the risk of password attacks. Employees should also be asked to change passwords regularly.

Multi-factor authentication should also be implemented across the business, to ensure websites and programmes where confidential or sensitive information is stored are more difficult for hackers to access. Learn more about multi-factor authentication here[1].

Cyber insurance

Cyber insurance cover helps your business offset the costs of recovery after a cyber-related security breach, loss of data, a ransomware attack or a similar event. A comprehensive cyber insurance policy will provide financial compensation for the direct costs incurred to the business and any liabilities payable to third parties following a cyberattack, a data breach or loss of data.

[1] Multi-factor Authentication: A Guide - Tysers Insurance Brokers
