By: Scott Grebe:
As I was driving home the other day one of my children spotted a house with old Halloween decorations on it. With the holidays coming, it’s a good reminder of the potential impact they can have on an organization. Black Friday, Cyber Monday and the weekend in between kick off the unofficial holiday shopping season which goes until the end of the year. Add in Thanksgiving and we’re looking at a lengthy period of consumer shopping, much of which is done online.
Let’s take a look at some of the numbers to put this into perspective. According to the National Retail Federation (NRF), in 2015:
- Holiday sales increased 3% to over $625B
- Seven in 10 retailers reported an increase in their overall holiday sales revenue
- 81% saw an increase in online sales
- Mobile, including both phones and tablets, accounted for 30.4% of online sales
- Black Friday had the highest sales revenue for 68% of retailers, regardless of channel, while Cyber Monday saw the highest online/mobile sales
The expectation for future years is similar – higher sales and an increase in the use of mobile devices for online shopping which is great news for retailers. Interestingly, despite the growth in mobile transactions, the NRF found that online purchases using desktops still brought in the highest transaction size during the 2015 holiday season. Either way, there continues to be a transition toward online purchasing even when consumers collect their items at the store.
In an earlier blog I touched on three potential impacts online shopping by employees during Black Friday and other holidays can have on organizations – loss of productivity, bandwidth consumption and network security. Let’s take a closer look at the affect it can have on security.
No matter the device they use – desktop computer, laptop, tablet or smartphone – anytime employees shop online at work over the corporate network it introduces risk. Inadvertently downloading malware from websites, even those that are known to be legitimate sites, is a very real danger. Hackers are continually finding new ways to develop more sophisticated versions of threats such as viruses, worms, and Trojans that can evade detection. One tactic they use to deliver these threats is phishing emails which lure recipients into clicking on a link in an email that appears to be legitimate. Once the employee complies, the malware is downloaded onto the device and it can spread throughout a network. Phishing emails are very popular during the holidays, often disguised as retailer promotions. According to a Prosper Insights & Analytics Post-Holiday Consumer Survey, 24% of respondents said they visited a website they shopped on last holiday season through an email promotion. Clearly hackers have learned that email promotions are popular with online shoppers.
Another threat you’re likely to hear more about during the holiday season is ransomware. This attack uses malware that denies access to data or systems unless the victim pays a ransom to the cybercriminal. Without access to files, data or entire systems most organizations can’t function. Some victims pay the ransom and if only a few systems are affected the cost can be manageable. But imagine the price if you have hundreds or even thousands of networked devices. It’s enough to put some organizations out of business.
Whether we like it or not, employees will use the devices available to them to shop online during Black Friday and other holidays. When they do it from the office or store, most likely they will use your organization’s network to connect to the Internet and this introduces risk. Fortunately there are steps every organization can take to secure their network and protect themselves and their customers from threats like phishing attacks and ransomware during the holiday online buying season. Deploying a SonicWall next-generation firewall with our Capture Advanced Threat Protection service stops unknown and zero-day threats before they can enter your network.