Cybersecurity Blog | Compuquip Cybersecurity

How Can You Ensure Secure Shopping Online?

Written by Eric Dosal | July 16, 2018

Over the years, online retail sites (such as Amazon.com) have grown from being small-time businesses to become enormous threats to traditional brick-and-mortar stores such as Walmart and Target. The convenience factor of being able to shop for almost anything from the comfort of your home (or office), and having products delivered to your doorstep, has ushered in a new era of digital-based shopping.

However, this also introduces new elements of risk for shoppers and even for businesses that aren’t in retail. As online storefronts become increasingly common, more and more employees are taking time away from their workday to browse for products and complete online transactions. This risk only increases around limited-time shopping holidays, such as Amazon’s special “Prime Day” event in the summer.

What are these risks, and what can you do to ensure secure shopping on Amazon Prime Day in your organization?

The Risks

Many of the risks of shopping online during Amazon Prime Day and other online storefront sales events are the same as the risks of visiting any online storefront throughout the rest of the year—it’s just that these risks are somewhat enhanced because malicious actors know that big sale events such as Prime Day can be an excellent opportunity to strike. These risks include phishing, data/identity theft among employees, and data breaches of your company’s network.

Phishing

One of the biggest risks to safe online shopping is the threat of phishing attacks. According to information from a British Retail Consortium survey cited by The Telegraph, “Phishing is the number-one concern for retailers.” Many attackers use targeted phishing attacks to imitate online retailers (and other organizations holding major events) to exploit their victims’ eagerness to get an exclusive or limited-time deal.

The risk here is that an employee, looking to quickly check out a deal, might receive a phishing email while at work and accidentally end up downloading a piece of malicious software (malware) that infects their work computer.

Employee Data Theft

Another major risk is employee data theft. Using phishing techniques, such as phony emails posing as deal newsletters from Amazon or setting up fake storefront websites to imitate other storefront sites, attackers can steal sensitive financial information about your company’s employees.

This can lead to your employees suffering identity theft. While this may not impact your business’ data security directly, it can harm your employees. This can impact their ability to focus on work—indirectly affecting their overall productivity and ability to produce high-quality work.

Data Breaches from Unsafe Web Browsing Activity

As mentioned before, some of your employees may be tempted to engage in some online shopping from their workstation—just to see what deals there are online. Wasting time at work is an almost time-honored tradition—in fact, according to information cited by The New York Post, “The average office employee is spending about five hours a week on his or her cellphone on things that have nothing to do with the job.” This includes activities such as answering personal emails, checking social media, and doing some online shopping.

However, not all employees keep their online shopping to their smartphones. For example, iPhone users often switch to buying their digital services and products on their computer’s web browser because Amazon (and many other retailers selling digital goods) blocks app users from making digital product purchases in their iOS apps.

Why? Because Apple takes a cut of any purely digital product transactions done in an iOS app. According to data cited by CNN, “Apple's policy is to take a 30% cut of any in-app purchases made through apps on its platform. That includes e-books, movies, music, and things like virtual stickers.”

By blocking such iOS app transactions, Amazon and other online retailers can keep a bigger portion of their profits. Unfortunately, this may mean that your employees might do some online shopping from their computers at work, exposing your network infrastructure to all of the risks of unsecured web browsing.

Using work devices to access fake storefronts exposes your network to the threat of malware being downloaded and your company’s sensitive data being stolen or compromised.

Limiting Your Risks to Enable Secure Shopping for Your Employees

The basic strategy for protecting your business—and your employees—from the risks of unsafe online shopping is largely the same as the strategy for ensuring safe web browsing and preventing data leakages at work in general. Some key tips include:

  • Restricting What Sites Employees Can Visit On Work Devices. Restricting employee access to non-work websites can do wonders to blunt the rate at which your people fall victim to fake storefronts. Here, rather than blacklisting a bunch of specific sites, it may be easier to just create a short “whitelist” of approved sites and block all other web traffic—though this may have its own risks to productivity if your employees need to visit a website that’s not on the whitelist.

  • Creating a BYOD Policy (and Enforcing It). Bring Your Own Device (BYOD) policies help make it clear to employees what is and is not appropriate behavior regarding the use of personal devices at work.

  • Using Virus/Malware Scanning Software for Your Workplace’s Emails. Many phishing attacks rely on your employees to download a malicious software program from email attachments. Antivirus/antimalware programs can help your employees avoid accidentally downloading these malicious programs by scanning attachments and flagging those that are suspicious.

  • Educating Your Employees about Online Shopping Risks. A lot of the major risks of online shopping could be nipped in the bud simply by letting employees know about those risks before they fall victim to a phishing email or a phony storefront. An informed employee is much less likely to fall victim to phishing emails and related scams than one who has no idea about the risks.

  • Testing Your Employees. Rather than simply hoping that the lessons from any employee training you provide stick, it’s important to actually test your employees’ knowledge of online risks—such as by creating your own fake phishing emails and seeing how many employees fall for them. Such testing lets you know how effective your employee education program is, and how much work you need to do.
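The “whitelist” approach from the first tip above, as an added example that is not part of the original post: a default-deny check that matches hostnames on whole-label boundaries, so a fake storefront cannot pass just by embedding an approved name. The domains are constructed placeholders, and `normalize_host`, `is_allowed` and `blocked` are hypothetical helpers, not any product's API.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration (reserved .example names, not real policy).
ALLOWED_DOMAINS = {"corp.example", "supplier.example"}


def normalize_host(url):
    """Return the lowercase ASCII hostname of a URL, or None if it has none."""
    try:
        # Accept bare hosts such as "corp.example/path" as well as full URLs.
        parts = urlsplit(url if "://" in url else "//" + url)
        host = parts.hostname  # drops any user:pass@ prefix and the port
        if not host:
            return None
        # Strip the trailing root dot and convert Unicode labels to punycode.
        return host.rstrip(".").encode("idna").decode("ascii").lower()
    except ValueError:  # malformed URL or invalid label (UnicodeError included)
        return None


def is_allowed(url, allowed=ALLOWED_DOMAINS):
    """Allow a URL only if its host is an approved domain or a subdomain of one."""
    host = normalize_host(url)
    if host is None:
        return False  # fail closed on anything that cannot be parsed
    labels = host.split(".")
    # Compare whole-label suffixes, so "notcorp.example" never matches "corp.example".
    return any(".".join(labels[i:]) in allowed for i in range(len(labels)))


def blocked(urls, allowed=ALLOWED_DOMAINS):
    """Return the URLs a default-deny filter would block, in input order."""
    return [u for u in urls if not is_allowed(u, allowed)]


# Constructed sample requests, as a web proxy might see them.
SAMPLE_REQUESTS = [
    "https://corp.example/login",                # approved domain
    "https://intranet.corp.example:8443/wiki",   # subdomain of an approved domain
    "https://corp.example.deals.invalid/prime",  # approved name used only as a prefix
    "https://notcorp.example/",                  # string suffix, but a different label
    "https://corp.example@deals.invalid/",       # approved name in the userinfo part
    "http://store.invalid/checkout",             # simply not on the list
]

if __name__ == "__main__":
    for url in blocked(SAMPLE_REQUESTS):
        print("BLOCK", url)
```

In practice the same decision is enforced at a web proxy or DNS filter rather than in application code; the point here is the matching rule, which a plain substring or `endswith` test gets wrong.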

Need help implementing a cybersecurity solution that can help improve your workplace’s online safety? Or, just want some more information about how you can ensure safe shopping for your team? Contact the experts at Compuquip Cybersecurity for help and advice. We’re all eager to help you keep your business safe from online threats so you can focus on your goals.