Omri Hering
24.11.2022
5 Ways Zero-Trust Security Can Keep Businesses Safe on Black Friday
Zero-trust security practices are essential to online shopping safety, especially during the Black Friday shopping season. Holiday seasons mean more engagement for businesses coupled with an increased attack surface. Shoppers spend billions of dollars each year during shopping seasons, and it’s essential for your employees to know how to keep sensitive information safe while they shop for their favorite deals online. With these 5 zero trust security tips, you can shop online confidently on Black Friday and every day.
Black Friday & Online Safety
With the shopping season here, it's time to talk about how to stay safe when you shop online on Black Friday and Cyber Monday this year. Black Friday will be upon us before we know it, and cybercriminals plan to make the most of their opportunity to trick you out of your hard-earned cash, using modern attack vectors capable of doing so.
Shopping seasons mean massive online activity and transactions, and with them a larger attack surface for cybercriminals. Employees looking to shop online become prime targets as adversaries run sophisticated attacks against the employees of businesses.
According to Deloitte, 65% of consumers prefer shopping online because of safety and convenience factors, while other researchers have revealed a 70% average increase in attempted ransomware attacks in the months of November and December.
Just like in the past, cyberattacks are expected to surge during this holiday season, especially around shopping events, targeting organizations of all sizes and types. Experts have previously reported a 63% spike in malware during Black Friday and Cyber Monday, while other researchers have reported that more than half of Black Friday emails are scams.
Considering the increased security risk this holiday season, it is advisable to remain vigilant while browsing online for shopping deals. Additionally, if you leverage zero-trust security practices, you won't have to worry about becoming a victim this year. To help you get started, below are the top 5 zero-trust security tips to help you stay safe online during this shopping season.
Top 5 Zero Trust Security Tips
Are your employees aware of the increased digital security risks during shopping seasons and holidays? Considering that 95% of breaches happen due to human error, it is safe to say that the digital activities of your employees can also result in security breaches and severe complications if they are unaware of the digital dangers.
1) Device Validation & Security
Adversaries use fake, malware-infused shopping offers to trick employees into downloading malware onto organizational systems, ultimately resulting in security breaches. Just like online sources, devices used in your workplace, or by your employees outside your organization's premises, cannot be trusted. Organizations must isolate corporate devices from internal and external threats to achieve Zero Trust Security.
Businesses can achieve this by verifying the identity and access privileges of the employee using each device, and by restricting devices so that only verified employees can use them, and only to access the resources they have been granted. This protects employees from accidentally downloading malware onto organizational devices, and the organization from unwanted security breaches.
2) Multi-Factor Strong Authentication
As per the zero-trust principles, verify everything! It's time to turn on multi-factor authentication, such as two-factor authentication, for all corporate and personal social media and digital profiles. Businesses must require their employees to use two-factor authentication for their digital credit cards, online wallets, and other digital and financial profiles to guard against suspicious access attempts by adversaries.
Two-Factor Authentication (2FA) is a great way to add another layer of security to online accounts like email and social media. 2FA works by using a mobile app, or a code from an authenticator app, in addition to the password. Google Authenticator and Authy are two popular apps for 2FA.
3) Consistently Monitor & Validate Traffic
An employee may visit a plethora of web pages using the business's device and network. Adversaries leverage malware-infused shopping adverts, fraudulent shopping emails, ads, and news releases that provoke employees into performing actions that result in sensitive information disclosure or worse. Organizations must leverage active URL filtering to monitor and validate the safety of the URLs and web pages that employees access from organizational networks. This will help the business thwart phishing attempts and malware infections.
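A sketch of the kind of check a URL filter can apply to each request, given here as an added example that is not part of the original article. The blocklist, the protected brand domains, the edit-distance threshold and the `classify_url` function are all constructed assumptions; every domain is a placeholder under `.example`.

```python
from urllib.parse import urlsplit

# Constructed policy data; all domains are placeholders.
BLOCKED_DOMAINS = {"deals-malware.example"}
PROTECTED_BRANDS = {"shop.example", "bigretailer.example"}
LOOKALIKE_MAX_EDITS = 2   # assumed threshold; tune against false positives

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typo-squatted brand domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url: str):
    """Return (verdict, reason); verdict is 'allow', 'block' or 'monitor'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "block", "unsupported scheme or missing host"
    labels = host.split(".")
    # Match the host and each of its parent domains against the blocklist.
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in BLOCKED_DOMAINS:
            return "block", "blocklisted domain"
    if any(label.startswith("xn--") for label in labels):
        return "block", "punycode label, possible homograph domain"
    base = ".".join(labels[-2:])   # crude stand-in for the registrable domain
    for brand in sorted(PROTECTED_BRANDS):
        if host == brand or host.endswith("." + brand):
            return "allow", "known brand domain"
        if 0 < edit_distance(base, brand) <= LOOKALIKE_MAX_EDITS:
            return "block", "lookalike of " + brand
    return "monitor", "no rule matched; allowed and logged"
```

A production filter would use the Public Suffix List to find the registrable domain and a maintained threat feed instead of the two-label shortcut and static sets used here.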
4) Zero Trust Network Access
Organizations must leverage network segmentation to break up and isolate their networks, limiting the spread of a malware infection or the impact of a breach if one happens, since an employee may well perform actions that put organizational networks at risk of exposure.
In a zero-trust architecture, networks are partitioned into many isolated segments with strict controls to protect sensitive data. Also dubbed "software-defined perimeter (SDP)", ZTNA (Zero Trust Network Access) grants users access to assets and systems in the network only after they have been explicitly verified and authenticated. ZTNA is based on micro-segmentation and isolation of networks. It is a VPN replacement, enabling secure access for users from different locations and devices without depending on corporate networks. In this era of remote work, ZTNA is a good option for CISOs and IT managers who need a quick and simple solution for their employees.
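The device validation described in tip 1 and the explicit verification described here can be combined into one default-deny decision per request. The following is an added example, not part of the original article; the device inventory, segment grants, age limits and the `evaluate` function are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

MAX_POSTURE_AGE = 24 * 3600   # assumed: posture checks older than a day are stale
MAX_MFA_AGE = 8 * 3600        # assumed: MFA must be repeated every 8 hours

# Constructed inventory and per-user segment grants.
DEVICES = {
    "LT-0042": {"owner": "alice", "managed": True,
                "disk_encrypted": True, "posture_checked_at": 1_000_000},
}
GRANTS = {"alice": {"crm"}, "bob": {"crm", "payments"}}

@dataclass
class Request:
    user: str
    device_id: str
    resource: str            # name of the network segment being requested
    mfa_at: Optional[int]    # epoch seconds of last successful MFA, if any
    now: int

def evaluate(req: Request):
    """Return (allowed, reasons). Every check must pass; nothing is implied."""
    reasons = []
    dev = DEVICES.get(req.device_id)
    if dev is None:
        reasons.append("unknown device")
    else:
        if dev["owner"] != req.user:
            reasons.append("device not assigned to this user")
        if not (dev["managed"] and dev["disk_encrypted"]):
            reasons.append("device fails posture requirements")
        if req.now - dev["posture_checked_at"] > MAX_POSTURE_AGE:
            reasons.append("device posture check is stale")
    if req.mfa_at is None or req.now - req.mfa_at > MAX_MFA_AGE:
        reasons.append("MFA missing or expired")
    if req.resource not in GRANTS.get(req.user, set()):
        reasons.append("no grant for segment " + req.resource)
    return (not reasons, reasons)
```

Returning every failed check rather than the first one gives the security team a complete audit record for each denied request.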
5) If You Aren’t Using SASE/SSE, Avoid Public Wi-Fi
As holidays approach, many employees will likely go out shopping and participate in other leisure activities. Retailers, brands, and other businesses in public areas often offer free Wi-Fi access to their customers, which could be a major security risk. Hackers can deliberately create fake hotspots named after retailers to trick unsuspecting consumers, which can ultimately result in severe complications.
Avoiding public Wi-Fi is one of the most important steps to take when shopping online. Public Wi-Fi networks are easy for hackers to access. If a hacker accesses an employee's device while it is connected to a public network, they could steal the employee's sensitive information, along with any business information stored on the device. To avoid this, businesses must encourage employees to use only private Wi-Fi whenever possible. Private networks have passwords that make them more difficult for hackers to break into than public networks. In a nutshell, trust no network and always use your own personal data connection or a private connection.
Conclusion
Online shopping has become an integral part of today’s consumer landscape, with more than half of all consumers making some form of online purchase. That number is expected to grow as online shopping becomes increasingly popular, but with this growth comes the inherent risk of online fraud and identity theft. Fortunately, you don’t have to let these threats put you off your Black Friday shopping! You can shop safely on Black Friday and throughout the holiday season with proper precautions and implementation of the above-listed zero-trust security practices.