CyberMonday Warnings for Consumers, StaffFBI, ISACA Offer Tips for Safe Online Shopping
"On CyberMonday and throughout the holiday season, consumers are encouraged to beware of bargain e-mails advertising one-day-only promotions for recognized brands or websites," the FBI warning states. "Fraudsters often use the hot items of the season to lure bargain hunters into providing credit card information."
We need to figure out how to make BYOD benefits outweigh the risk.
If it seems too good to be true, it probably is, the FBI warns.
The FBI recommends the following, general tips to educate employees about basic security:
See Also: How to Use Risk Scoring to Propel Your Risk-Based Vulnerability Management Program Forward
- Log on directly to official websites for businesses identified in e-mail campaigns, rather than clicking on links.
- Update anti-virus and anti-spyware software.
- Shop on websites with Secure Socket Layer security.
- Don't buy anything with a debit card.
- Never give out your Social Security number.
- Use strong passwords, which contain at least five letters and one number.
Impact of BYOD
CyberMonday aside, online shopping is raising more security concerns this year, because online browsing continues to get more diverse.
The advent of smart phones and tablets has made mobile the next-best online channel. And as more consumers mix personal mobile use with business, organizations also should heed warnings about holiday browsing security.
The so-called Bring-Your-Own-Device, or BYOD, trend is a catching on, and it's changing the way companies address user behavior and risk. But Ken Vander Wal, international president of ISACA, says most organizations have done little to address BYOD security risks in their policies and procedures.
"The line between corporate-owned devices and personal devices is blurring," Vander Wal says. "Enterprises may not have much control over the data that gets saved on these mobile devices. ...That's why it is important to have policies and awareness training, to make sure the right controls are in place."
As always, employees are the weakest link in the security chain.
ISACA, which recently released 2011 results from its annual Shopping on the Job Survey, says IT professionals must adapt security measures to address growing BYOD concerns. "We need to figure out to how to make BYOD benefits outweigh the risk," Vander Wal says.
Chris Poulin of Q1 Labs, an online security provider, says organizations can address mobile security by ensuring employees encrypt data on their devices and then demanding they have access to the data that's saved on those devices. Even if it's a personal phone or tablet that an employee also uses for business, organizations have a right to track and audit that mobile device's data.
"It's risk management," Poulin says. "You need to have the ability to see what data was on the phone for auditing later," in case a breach does occur.
Fifty-two percent of people who shop on CyberMonday do it at work. So even if the employee is using a PC, which is more secure, he or she could still open the business to significant risk.
But that risk offers opportunity: "See what sites your employees are visiting, and then test those sites," Poulin says.
Monitor behavior, and use CyberMonday as a way to track online patterns to see what systems your organization has that might be vulnerable.
And then share what you find. "Organizations should really try to share the information they gather during CyberMonday," Poulin adds. "If someone identifies an attack, then they could share that with other organizations. By sharing information, it will allow organizations to go on the offense, rather than always being on the defensive."