Online shopping – on the company network. Yes, it happens, at all times of year, and particularly during the holiday season. Nothing like a last-minute gift panic to cause a quick hunt for something perfect, and those hunts frequently lead shoppers away from the safe shopping havens and into the world of “maybe safe.”
Yow. Maybe safe? On YOUR company network?
ROI Revolution has estimated that e-commerce sales will eclipse $236 billion in the 2022 holiday season. While, as I said above, the holidays are the most popular time of year for consumers to purchase online, in 2021 over $2 billion a day was made in online purchases, every day. All year long.
Chances are you and your employees make purchases personally and for your business with a frequency you may not even be conscious of..
And…chances are that cybercriminals are doing their best to capitalize on this to steal credit card numbers, logins, and passwords – and even your and your customers’ banking information.
If your employees don’t follow these four practices to stay safer (notice I didn’t say safe) while buying online, they could be exposing themselves and your business to identity theft, fraud, and more.
- Don’t reuse passwords from site to site. If you use the same password for multiple sites, when one company’s records get breached (which happens every day), a criminal now has access to multiple accounts. So, make sure you use different passwords for different sites. This does make things slightly more complicated for you, but it also makes it infinitely harder for cybercriminals. (This is less complicated for you if you utilize a password manager, as I suggested in this blog post.)
- Check the URL in the address bar. One indication that a website is secure is that it either has a small lock symbol to the far left of the URL or “https” in the URL. If you see a lock that’s unlocked or just an “http,” the site is not secure – do NOT provide any credit card information or bank account details.
- Don’t use a debit card to pay – only use a credit card. This way, if someone can access your account, you won’t lose what’s currently in your bank account. And most major credit cards have a $50 or less liability policy if unauthorized charges are made. So, it’s important to watch those statements. If you do feel you’re the victim of fraud, make sure to contact your credit card company immediately.
- Be wary of any texts or e-mails about package deliveries. Even if you have something you’re tracking, go back to the site you originally purchased from to check notifications that way. Any links from an unknown sender could infect the device you’re on, which could expose you to viruses and malicious software.
Some of the tips we have to offer are on the order of “D’oh, I could have had a V-8” (Remember those commercials?), like these:
- If a deal sounds incredibly good, it could be incredibly BAD for you to click on it. Bad guys are doing everything they can to get your information, and that includes publishing fake ecommerce websites with incredible prices on them. They’ll even buy ads on social media platforms to advertise their fake websites. Don’t fall for this. The wrong click can download a nefarious file to your computer, and that file could set you up for a ransomware attack, a business email compromise (discussed here), and more.
- Don’t be tempted by charity pleas without doing research on the charity. Aside from the normal “how much of my donation actually goes to the people who need it” research, be sure the charity is legitimate. Yes, fake charities do come up, especially toward the season of “peace on earth.”
- And, the season of giving is also the season of spending. Gift card giveaways can be tempting, and they’re EVERYWHERE online. Watch out. The URLs are likely NOT to the actual corporate website (though they’ll sure look like it), and the scams are designed to get your banking information. While this isn’t so much a business issue, if you have an employee get their accounts compromised, it will certainly impact their life – which also means their work life. So help your people understand ALL of the risks.
While there are plenty of cybercriminals happy to scam consumers, they really want to go after businesses like yours, because businesses have much deeper pockets and there are multiple ways the bad guys can cause havoc. And make no mistake – if they can scam a consumer AND a business, they likely get a little extra bump in their paycheck for that day.