Now that Halloween has passed and Thanksgiving is on the near-term horizon, the holiday shopping season is kicking in. Almost as soon as the trick-or-treating ended the Black Friday ads starting pouring into my email box. This season some of the major retailers are announcing their Black Friday deals early even though they won’t be available for purchase until Thanksgiving. Of course most of us can’t resist peeking to see what we can get for less. According to a survey by the National Retail Federation (NRF), over half of holiday shoppers start their research in October or earlier. More than one-third will make a purchase in November, most likely during the period between Black Friday and Cyber Monday.
Shopping for gifts is typically a fun experience whether we do it in the stores or online. The latter continues to in grow popularity as we become more confident making our purchasing decisions on mobile devices. In a PwC survey 84 percent of respondents said they would spend at least some of their shopping time online. That’s a pretty high number. We can expect this trend to continue, which has implications for every organization.
Online shopping in the workplace poses potential risks for organizations, especially around the holidays. Cyber criminals know that we’ll be spending time shopping online so they’re more aggressive when it comes to launching spam and phishing attacks. Have you been receiving more emails lately about special offers such as a big sale or a new credit card? If you did make a purchase and you’re having the item delivered you’ll get an email on the delivery status. You may also be receiving holiday e-cards. Are you certain the email or e-card is legitimate? How about the website that you’re directed to? Open any of these, click on a link to go to a website where you’re asked to provide login credentials or financial information and you could be exposing your organization and yourself to potential threats such as ransomware. It doesn’t matter if your employees are connected over a wired, wireless or mobile network.
Securing your organization’s network and the data that travels across it from threats is a big concern. It’s not the only one, however. We know that during the holiday season employees will be spending work time researching and purchasing gifts online, which means their productivity will take a hit. In addition, these activities can consume large amounts of network bandwidth that would otherwise be used for business-critical applications. So do other holiday-related activities such as streaming promotional videos and holiday music. With the growing use of personal devices in the workplace the line between our professional and home lives has blurred. Employees often feel that if they’re using their own device, engaging in online shopping and other activities at the office isn’t an issue. The problem is, the device is often connected to the corporate network which introduces risk.
Look, no one wants to ruin the holiday spirit, so completely eliminating online shopping, watching videos and listening to music at work probably isn’t realistic. However there are steps can you take to minimize the impact these activities have on your organization. For example:
- Warn employees to be wary of emails from sources they don’t recognize
- If they do open an email, think twice about clicking on links
- Establish a policy for strong passwords and consider 2-factor authentication
- Utilize security technologies such as intrusion prevention and anti-malware to create multiple layers of protection
- Make sure you have a next-generation firewall than can decrypt and inspect TLS/SSL-encrypted traffic
Why is this last point important? Increasingly cyber criminals are using encryption to hide their attacks and legacy firewalls aren’t able to decrypt HTTPS traffic and scan it for threats. In our 2017 Annual Threat Report we found that over 60% of web traffic is now encrypted. Firewalls that can’t inspect encrypted traffic leave organizations susceptible to ransomware attacks and other threats.
If you’re unsure whether your current firewall can detect threats hidden in encrypted traffic, SonicWall can help. Our next-generations firewalls provide protection from threats hidden in encrypted traffic. Visit our website to learn more about comprehensive threat prevention at multi-gigabit speeds.