Cyber vigilance during the Christmas period

Cyber vigilance during the Christmas period

The Federation of Small Businesses recognises the impact that cyber security matters can have on its members. As part of its legal services package, all Essential members have a right of membership access to a cyber security advice line. They advise on broad ranging issues, including ransomware, malware, managing cyber risks, what to do if you lose a laptop and encryption.  

The service is staffed by a specialist firm, NCC Group and is available from 8am to 8pm - Monday to Friday. You can contact them by calling the Legal Helpline on 0345 0727 727.

Being the year's premier shopping period, this season may represent a profitable quarter for small businesses but it also presents opportunity for fraudsters, scammers and cyber criminals. Both buyers and sellers alike must remain vigilant to ensure a happy holiday.

Advice for sellers

Businesses are at equal risk of being exposed to scams as their customers and often fraudsters will exert more effort and use more deceitful tactics against businesses for the chance of a greater reward. The additional workload associated with increased sales over the Christmas period can also lead some to drop their guard, increasing a business’ exposure to fraud. Consider the tips below to reduce the risks to your business:

  • Promote vigilance of phishing emails and phone calls within the company. Be wary of customers attempting to put you under pressure to complete something such as a payment transaction as this may be a sign of a scam.
  • Be wary of invoice fraud style attacks where a fraudster will change the bank details on an otherwise legitimate invoice or request for payment. If you observe any change to payment details or if a customer requests a different payment method than usual, contact them directly via phone to verify their authenticity.
  • Ensure you are happy with the physical and digital security of your business before the Christmas period when most businesses are closed and an attacker may have several days of uninterrupted access. Ensure passwords are strong and unique, networks are free from infections and all security systems and devices are operational and up to date.
  • Consider taking a backup of all critical data prior to or during the Christmas period. Many businesses struggle to fully backup their devices as they are in use throughout the year but this period presents a time when many members of staff will be on holiday allowing for a more thorough backup. Networks also tend to be less congested, minimising the impact taking a backup may have on a company and its network.
  • Contact payment processors and ask what steps can be taken to prevent being a victim of banking fraud. A genuine but stolen bank card may be used to purchase goods from your company and a refund or chargeback may be performed at a later date. Your company payments processor will be able to advise on what protections are in place to prevent this and what the process is should this occur.

Advice for buyers

Beware sale and voucher scams

Savings can often be made over the Christmas period with days such as Black Friday driving online sales but remember that if something sounds too good to be true, it probably is. Scammers know that shoppers are searching for the best online deals and use this to their advantage by setting up fake shopping websites with rock bottom prices or by offering free shopping vouchers to those willing to handover personal information.  Scammers are increasingly using services such as Whatsapp or Facebook to distribute these scams where they can pose as a genuine seller or brand with ease and leverage the accounts of previous victims to legitimise and rebroadcast their messages to a wider audience. Protect yourself by doing the following:

Be wary of unsolicited links and messages received via email, SMS, Facebook or Whatsapp, even if they are from a genuine contact. If in doubt over the legitimacy of any message then ignore it and do not click any links provided.

Try to only purchase goods from reputable vendors with whom you have had prior experience. If you are considering purchasing goods from an unfamiliar vendor then research the company first by searching for online reviews. Companies such as TrustPilot list customer reviews for online stores and brands and are a good place to start but ideally you should try to find reviews across multiple websites. Be very suspicious of unfamiliar online vendors offering goods at prices drastically cheaper than competitors.

Secure new devices

Many new devices will be purchased and gifted over the Christmas period and the optimal time to secure them is prior to daily use. This is especially important for devices which will be given to children to prevent accidental damage and ensure their online safety. The features available will differ depending on the device purchased but generally the following steps can be taken:

  • Ensure the device is password protected and enable additional security features such as device encryption if possible. This will prevent further issues in the event that the device is lost or stolen.
  • Set the device to update automatically to ensure the latest security patches will be installed regardless of user action.
  • Enable any built in malware protection and ensure it is also set to automatically update if possible. For laptop and desktop computers, consider purchasing additional security software from a reputable vendor.
  • Enable any parental control features which may be useful to prevent adolescent users from breaking the device or being exposed to inappropriate online content.
  • If possible, take a backup of the device whilst it is new so that it can be restored to this configuration at a later date if required.

If you plan on purchasing any internet enabled household devices (commonly called IOT or Internet of Things devices) such as lightbulbs and power sockets then it is recommended that you research their safety online before buying as some products have been released with irreparable security flaws. Similarly, flaws have been identified in several internet connected children’s toys in recent months and so vigilance should also be exercised when purchasing a product of this nature.