Christmas shopping: How to stay safe and secure

It’s the holiday season and that means we’re all busy with fun activities, like online shopping for example. Many of us will do it between Black Friday and New Year’s, even for just a little while. Some of us do it at work. When employees spend time shopping online during work hours it presents a series of challenges for the organisation. Perhaps the three biggest challenges are network security, employee productivity and bandwidth consumption.

How popular is online shopping? In 2014, data from the IMRG revealed that spending on Black Friday reached an estimated £810 million, much of which was done online. This year, IMRG estimates retail sales will be in the region of £1.07 billion, an increase year on year of around 32 per cent. Experian also expects Black Friday 2015 to break records for online shopping, forecasting that spending will pass the £1 billion mark for the first time.

With this increase in online spending, it is inevitable that employees will take advantage of Christmas sales during working hours, and this can have side effects for the corporate network from email security threats, productivity and bandwidth.

Let’s start with network security:

  • Malware - employees who shop online at work inadvertently create opportunities for malicious attacks directed at their networks and organisations. The most common threats are viruses, worms, Trojans and spyware.
  • Phishing - phishing is an email fraud method in which the perpetrator sends out a legitimate-looking email in an attempt to gather personal and financial information from unsuspecting recipients.
  • Malicious advertising - commonly referred to as “malvertising,” this threat uses online advertising to spread malware which can then capture information such as credit card and social security numbers from infected machines.

Once you have worried about network security, employee productivity is the next item on the agenda:

  • The big drain - with workers bringing their own smartphones and tablets into the office, we’re seeing an increased blurring of the line between work life and personal life as employees exercise more freedom to use these devices for personal activities such as online shopping during work hours. When they're shopping on company time it means they’re not working so their productivity has decreased.

Finally, with this increased traffic usually going over the corporate Wi-Fi network, there can be risks to the amount of bandwidth available:

  • Disappearing bandwidth - with about half of your employees shopping online during the festive period, the bandwidth available to critical applications on your network is going to disappear. Therefore, it’s critical to prevent vital bandwidth from being consumed by non-productive web use.

While you can’t completely eliminate threats to your network, drops in productivity and misuse of valuable bandwidth, there are measures you can take that are well within the reach of your organisation simply by practicing good digital hygiene. Here are five things your organisation can do to reduce the risks of a successful attack while maintaining productivity levels and conserving bandwidth.

1. Help employees learn how to avoid malvertising and recognise phishing emails. Be on the lookout for suspicious emails and links, especially those requesting sensitive information.

2. Educate employees to use different passwords for every account. Establish policies for strong passwords such as guidelines regarding password length, the use of special characters and periodic expiration, and reduce the number of passwords through single sign-on.

3. Because many attacks are based on known vulnerabilities in browsers including Internet Explorer, as well as in plug-ins and common apps, it’s critical to apply updates and patches promptly and reliably. They will contain fixes that can block exploits.

4. Make sure you install an intrusion prevention system and gateway anti-malware technology on your network. They add important layers of protection by blocking Trojans, viruses, and other malware before they reach the company network. They can also detect and block communications between malware inside the network and the cybercriminal’s server on the outside.

5. Take back control of your network by limiting the use of your bandwidth to business-related activities. There are several technologies available such as content and URL filtering that can be used to prevent employees from visiting websites dedicated to shopping and other non-productive topics. Also, application control provides the tools to restrict the use of applications such as social media to employees who have a business reason to use them.

By following these tips, you can help to ensure that employees remain productive and that the corporate network remains secure and un-breached. By doing so, you will also enjoy the Christmas break.

Florian Malecki, international product marketing director, Dell Network Security

Image Credit: Shutterstock/mtkang