Five ways to protect yourself from cyber-attack during consumer frenzy times

Issue 1 2022 Information Security

Throughout the year various events occur, such as the recent Valentine’s Day, Black Friday, Halloween, Christmas and so on, all of which prompt a massive increase in online buying as consumers mark the event by purchasing gifts, sending flowers etc. Over the years these events have become super commercialised through intense advertising campaigns aimed at pushing consumers to buy online.


Byron Horn-Botha.

Valentine’s Day has turned into a commercial celebration of romance, however, for this one celebration alone researchers at cybersecurity firm, Check Point, have revealed a darker side. Not surprisingly cybersecurity researchers reported a massive increase in malware attacks over the Black Friday weekend in November last year, with the number of websites attacked up to 50 times a day registering a jump of over 300%.

It will be interesting to see the statistics that emanate from this year’s Valentine’s Day, but it is reported that in the run-up to 14 February, 2021, cyber-attackers launched over 400 new Valentine's Day-themed phishing emails targeting innocent users every week – this represents a 29% increase on the previous year.

Hackers are now deploying a bigger-than-ever arsenal of scams, including phishing emails and fake e-greeting cards filled with malware, fake florist websites that steal credit card information and dozens of other ruses. What businesses need to do is to ensure that management and staff, at all levels, are security-savvy and not exposing the company to cyber breaches as they strive to get that bargain or send those flowers and gifts for special occasions.

Cybercriminals have long since worked out that most people are less guarded around holidays when they're feeling festive and also busy, so the bad actors escalate their attacks at these times. Lessons are there to be learned about being cybersecurity alert and they apply to these types of scenarios throughout the year. Staff need to be aware of the ways in which they can protect themselves and their company as they scour the net.

Five ways to protect your business from cyber-attack

1: Be on high alert during your high season

Company owners are well aware of the most critical times in their businesses. For example, if you run a pool-cleaning company the summer months are your peak period. The weeks and months before Christmas are make-or-break if you have a toy store and Easter and Halloween are your big seasons if you operate a sweet shop.

These are the times when your systems and data must be up, running and working smoothly. Whilst you know this only too well, so do hackers. They will use this knowledge to target your company when it is most vulnerable and extort the maximum ransomware payoff. Hackers understand that if they choose Valentine's Day to compromise the website of a flower chain, the chain will pay a hefty price to get its systems back up and running because every hour down is more money lost.

All businesses should be on high alert during their high season. You must ensure, at these times, that you have the protection necessary to thwart hackers. Your defences must be strong when you most need them.

2. Back up and encrypt your data

Offline backups and data encryption can play a crucial role in protecting your organisation from ransomware attacks. You should quickly restore any compromised systems if you have good offline backups. The backups also need to be offline because all your online connected drives will be locked up in the event of a ransomware attack.

Encrypting your sensitive data is also highly recommended. If attackers gain access to your critical assets, they won't be able to extort you if your data is securely encrypted.

3: Educate your employees

Almost 90% of security breaches are caused by human error. But a security-awareness training programme can effectively teach your employees what they need to know to prevent breaches, such as how to recognise those phishing emails that open the door for almost half of all ransomware attacks.

You can also help by reminding your workers to practice good cyber-hygiene, especially now that employees are often working remotely. Stress the importance of basic measures like backing up data on a consistent schedule and in multiple places. If workers are storing data primarily on a USB drive, remind them to back up that data on a hard drive or in the cloud. If they're storing data primarily in the cloud, remind them to save a copy offline.

4: Add MFA to your systems

Here are two stats to think about. 81% of breaches leverage stolen or weak passwords. One million passwords are stolen every week.

But you can protect against pilfered passwords with multi-factor authentication (MFA). It's one of the easiest and best ways to defend your business from a hack and it brings an extra, effective layer of security to your systems.

Adding a second authentication factor, such as Google Authenticator, is vital for protecting your accounts. Using a password wallet that stores all your passwords and creates long, complex passwords for each account is also recommended. Always, of course, make sure to turn on two-factor authentication for the password wallet account.

5: Test your defences

While it's essential to have a strong backup, it is just as crucial that you're able to recover lost data quickly and thoroughly. Ask yourself: are you able to do this? You can only be certain if you test. You should regularly test your backup copies to be sure they can reliably restore your data.

You should also test your security regularly. An excellent way to do this is with penetration testing. A pen test is a simulated attack on your business that evaluates the security of your IT infrastructure. Remember the average cost of a data breach is now estimated to be over $4 million so it is wise to invest in protection measures not only during these high profile, highly commercialised events, but throughout the year.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Continuous security optimisation.
News & Events Information Security
Cymulate has announced its partnership with SentinelOne, a threat exposure validation and AI-powered cybersecurity platform. The collaboration delivers self-healing endpoint security that empowers businesses to increase protection for every endpoint on their network.

Read more...
Protect your smart home devices
Kaspersky IoT & Automation Information Security Smart Home Automation
Voice assistants, kitchen robots, smart lights and many other intelligent devices have become part of our everyday life. However, with the rise of smart technology comes the need for robust protection against potential vulnerabilities.

Read more...
ISPA’s take-down process protects from local scams
News & Events Information Security
During the recent school holidays, parents could rest a little easier knowing that ISPA, SA’s official internet industry representative body, is removing an average of three to four problematic websites from the local internet every week.

Read more...
NEC XON disrupts sophisticated cyberattack
Information Security
NEC XON recently showcased its advanced cyberthreat detection and response capabilities by successfully thwarting a human-operated ransomware attack targeting a major service provider.

Read more...
What’s your cyber game plan?
Information Security
“Medium-sized businesses are often the easiest target for cyber criminals, because they are just digital enough to be vulnerable, but not mature enough to be fully protected," says Warren Bonheim, MD of Zinia.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.