The risky business of cybersecurity during Black Friday & Cyber Monday sales

26 November 2021 Discovery

Black Friday sales are quite the occasion for consumers and businesses alike. But amidst the joyous frenzy lurks the rather serious shadow of cybercrime. As much as Black Friday is a big deal, so too is Cyber Monday.

What is ‘Cyber Monday’?

The concept around ‘Cyber Monday’ was coined around 2005 as a marketing term aimed at e-commerce transactions on the Monday following Thanksgiving weekend in the US. It quickly became the second biggest shopping day for consumers (after Black Friday), but primarily the largest shopping day for online sales, specifically.

All retailers with an e-commerce revenue stream launched massive marketing efforts – so much so that the idea soon took hold in numerous countries around the world. Combined, Black Friday and Cyber Monday make up ‘the biggest shopping weekend of the year’ – which provides an abundant opportunity for cyber criminals to cash in too.

So, what do businesses need to prepare themselves for? In short – cybercrime.

“It’s not just customers who need to watch out; businesses need to be vigilant too,” says Discovery Business Insurance Chief Operating Officer, Lana Ross. “Being aware is not and out-of-the-ordinary recommendation. It’s merely amplified during such a weekend.”

Businesses would do well to be prepared all year round, but especially so during promotional periods encouraging more sales activity. An uptick in online sales, by default, creates cyber vulnerabilities that can be taken advantage of. “And with consumers showing increased support for small and medium-sized businesses, this is especially important,” adds Ross.

The reality is that cybercrime only gets more sophisticated with time. “So, security measures need to be on-the-ball and up to date at all times,” she adds further. “Any business can fall victim to an attack at any time, but especially so during mass sales promotions like Black Friday and Cyber Monday. After all, a primary motive at that time is money, and lots of it.”

Cyber breaches put businesses at risk of major financial losses, reputational damage and legal difficulties – to name a few. “Some of the biggest concerns involve human error breaches, phishing and social engineering manipulation tactics, and ransomware,” says Ross. “All of which can result in significant damage to businesses, as well as their customers.”

What key things should businesses cross check ahead of the Black Friday / Cyber Monday weekend?

“In the build-up to the Black Friday / Cyber Monday weekend, businesses should ramp up their security awareness among all staff – and not just the IT department. While marketing promotional content and advertising is ‘the fun stuff’, it also reaches a less attractive ‘consumer market’ who are also paying attention – cyber opportunists and criminals,” says Ross.

The tiniest human error, especially during a mass sale, can make quite a huge difference when it comes to cyber breaches. “And cyber criminals bank on that. With so much focus on the amount of sales being accumulated, a loophole that results in suspicious activity can intensify too, and go completely unnoticed while sales are being made. So, cyber security awareness training among all staff is imperative. Everyone must be able to recognise suspicious activity, like phishing or social engineering scams, to avoid a costly breach,” advises Ross.

Another key security measure is to ensure that customer accounts are protected with multifactor authentication and up to date anti-virus software. Information is just as valuable to cyber criminals, so access to stored data needs to be protected. Information can include usernames, passwords, bank card details, addresses and contact information. “Proper information security protocols that protect against spyware, keyloggers and other targeted malware can prevent a massive network breach,” Ross adds.

So, a full top-to-bottom security infrastructure audit is advisable. Businesses should ensure that customer data is saved in secure infrastructure to secure infrastructure and that all point-of-sale and card systems are all well encrypted. Once customers are aware of a breach, they typically migrate to another competitor.

Business owners should also be on the lookout for false activity. “Fake websites – which can include fake login pages - that mimic legitimate companies can pop up during this big sales weekend. False ads promoting massive deals associated with your brand can surface on social media too. Email newsletters can also end up doing the rounds. So, business owners need to be aware of any false brand activity that could lure customers into trouble. While this affects customers more so than your actual business bottom line, you do have your reputation to think of. Such activities could scare off customers from your legitimate site, marketing and advertising efforts.”

To avoid “brandjacking”, businesses can also prepare their customers ahead of the sales weekend. Communications can include tips on how to identify suspicious URLs, email addresses, social media handles and third-party advertising efforts. Communications can also offer ways for consumers to shop safely while using their mobile phones – oftentimes a highly unsecure medium. It may be as simple as informing customers of the legitimate app to use for online shopping.

Whether or not 2021 sales will be better than last year remains to be seen. However, it is bound to be a busier time for retailers and small businesses. Money will certainly flow. Cybercriminals will no doubt be lying in wait for any surge in transactions, hoping their activities will go unnoticed.

“Business owners will do well to ensure that they have up to date security infrastructures and backups, as well as robust incident response measures,” advises Ross. “In so doing, massive business downtime, financial and reputational losses can be avoided,” she concludes.


Quick Polls


Are you shocked by Sasria’s 2022 rate increases, or is it expected given the sheer scale of the July 2021 rioting plus the ongoing increase in frequency and severity of protest losses?


Yes, I am shocked and so will my clients be shocked
No, it was expected
fanews magazine
FAnews November 2021 Get the latest issue of FAnews

This month's headlines

New proposals to amend PPRs have major impact
The untold truth about intermediary agreements
Rethinking claims
Tik-Tok: The clock is ticking on SA’s R45 billion unclaimed benefits bomb
Medical schemes’ average increases for 2022
Disability claims aggregation
Subscribe now