November 24, 2020
Cyber Security | Smishing
This year, for many small businesses, a strong Cyber Monday is crucial for survival. With the wild gyrations in purchasing patterns and demand for particular products or services this year, there are a great many small businesses who have a lot of ground to make up on Cyber Monday 2020. With online sales. And it CAN'T go wrong. With that in mind, this post is for those of you that have an especially "high stakes" Cyber Monday ahead. Amongst all of the pressures related to your email and web promotional materials, your online ads, and your communications with existing customers and prospects, we know it's easy to forget about cybersecurity. The problem is that if cybersecurity goes wrong on Cyber Monday, there is no way to turn back the clock and regain the opportunity to "win big" on that incredibly high-traffic online shopping day. With that in mind, here are the five things that you absolutely need to do to get ready for a strong (and SAFE) Cyber Monday:
1. Check Your SSL Certificate
Ever visit a website whose SSL Certificate has accidentally expired? The error message that modern browsers show in that situation is anything but comforting:
The problem? Many small businesses forget to track when exactly their SSL certificate is due to expire. That's a big no-no. Especially if it happens to expire right before or during Cyber Monday. The process of racing to procure a new certificate and install it -- and then to hope that web visitors clear their SSL cache and retry -- is enough of a time-consuming effort that it might mean missing Cyber Monday altogether. Do not go into Thanksgiving weekend without checking your current SSL certificate's expiration date to be certain that there is plenty of breathing room for it to be fully valid and functional during the Cyber Monday push.
2. Be Genuine via Email
In our 2020 year-end wrap-up (less than two months away!), we anticipate reporting that 2020 was the biggest year yet for phishing attacks. It won't even be a close call -- the phishing volume this year will blow away the second-highest year by a mile. So what does that have to do with your ability to communicate successfully with your clients and prospects, via email, leading up to Cyber Monday? A lot. It is absolutely essential that two settings be configured correctly for your outbound email -- DKIM and SPF. Do that right, and your customers will get all kinds of obvious signals about the legitimacy of the emails they receive from you. In Gmail, for example, you want your customers to see this:
We're not saying that your customers dig through the technical details of each email to check the authenticity and encryption characteristics of the email. What we're saying is that in this environment of widespread phishing attacks, your recipients have increasingly strict spam filters that are likely to throw your email out with the rest of the spammers / phishing attackers, if you don't do what a legitimate sender should do. Which is, to configure DKIM and SPF. Not sure how to do that? We can help.
3. Know Your Web Vulnerabilities
We don't like saying this, but it's the truth: almost every website that we evaluate for a new Havoc Shield client has vulnerabilities. Part of our work with our clients is to prioritize those vulnerabilities so that there is a clear path towards solving the crucial ones first. We've evaluated websites that (on our first try) readily reveal the list and contents of the files sitting on the server. We've seen sites that have subtle malware right in the frontpage of the website, lurking and putting visitors at risk. We've reviewed websites that use five-year-old versions of popular webservers that (by now) have hundreds of well-known vulnerabilities that are documented for any black hat or white hat hacker to see. We've seen it all. Promise us that you won't be one of these types of websites during your Cyber Monday push. We'll help -- try our free Rapid Threat Test to get a lightweight web vulnerability scan... it'll only take you three minutes:
Here's where to head to run the free lightweight web vulnerability scan.
4. Protect Your Administrative Accounts
Be certain that any administrative accounts on your website use a unique, strong password that you have never used on any other website. This will help protect you from an emerging technique called “credential stuffing,” by which hackers get access to your login information from one website and use it to gain access to other websites. Once a username and password that you use on one site shows up in dark web databases, there is a good chance that hackers will try that same username and password on other websites.
Or maybe they won't. Make sure that your crucial administrative accounts each use unique, strong passwords that you've never used on any other site. All modern password managers make it easy to generate -- and store -- unique, strong passwords.
Havoc Shield clients all get access to the excellent password manager made by Keeper Security -- included in our platform. Whether you use that to generate unique, strong passwords -- or whether you use something else -- PLEASE make sure you don't reuse passwords or use weak passwords that put your business at risk.
5. Slow Down to Avoid Phishing, Smishing, and Vishing
Here's a brief review. First there was phishing -- the technique where cyber criminals send an email claiming to be someone else and try to lure the recipient into disclosing some confidential or valuable information. Then there was smishing -- the same technique, but sent via text message instead of email. Now there's vishing -- where smooth-talking cyber criminals try to achieve the same result by leaving a fraudulent voicemail. It's a mess.
If you receive an unusual email, text message, or voicemail that seems suspicious, pause and reflect before taking any action. Phishing, smishing, and vishing are at an all-time high, and being in too much of a rush makes it easy to make a mistake.
Wrapping Up
From all of us at Havoc Shield, we wish you a strong Cyber Monday. One where you exceed all of your sales goals, maintain a strong sense of cybersecurity, and head into December with all of the momentum that you need to finish the year strong. If you have any questions about how to implement the above advice, please do get in touch. Whether it's just for a few words of advice, or for the use of our broader platform, either way we'll be glad to help you find the way to cyber safety.