Over the past few years, people have increasingly turned to online shopping for their holiday gifts. Whether it’s on Cyber Monday or another day during the holiday season, people are spending more money online now than ever before.
While many businesses may prefer their employees don’t shop using their work computers, the reality is that many still do. This leaves your clients—and their networks—vulnerable to compromise. So, it’s imperative that you give your customers and their employees the training they need to stay safe.
Even a simple email communication about cybersecurity risks, both online and offline, can subtly remind your clients about your value and expertise.
To find out what MSPs should explain to their clients this holiday season, I sat down with Ian Trump, Global Security Strategist for SolarWinds® MSP. Here’s what he had to say.
Q: Ian, thanks for talking to me. During the holiday shopping season, what should people do to deal with the increase in internet traffic?
Ian: Cyber Monday—and all the shopping days after—are a solid test of the Internet’s capacity. For home users, shop early in the morning. This will yield the best experience as evening Internet traffic will spike dramatically.
Don’t forget that in addition to the heavy load of online shopping traffic, you have all the Netflix streaming taking place in the evenings to contend with. So make sure your endpoints—and for MSPs, all of your customers’ endpoints—are up to date with the latest software. There’s a good chance the updates included performance fixes.
Q: I’m sure that the spike in Internet traffic leads cybercriminals to also try to take advantage. What should MSPs do to keep their clients safe?
Ian: As I just mentioned, make sure all of their software is up-to date—that’s probably the number one thing to do. And this includes updating the antivirus software.
Also, make sure to provide user awareness training. Tell them to try to avoid using their credit cards online if at all possible. If there’s an option to use PayPal, they should use that instead. PayPal offers protection from fraudulent merchants and has some of the most sophisticated anti-fraud online protections available today.
If they must use a credit card, they should try and get a card (now would be the time to apply) that’s dedicated for online shopping only, with a reasonable limit—no need to expose their main day-to-day card. If something goes sideways online (or even at a brick and mortar location) the damage will be limited to that card.
Many shopping websites will ask you to create an account with them (sometimes paying with PayPal does not require you to make an account—bonus), so don’t use a password that you have used somewhere else. A password algorithm here may be helpful. Try something like “OnlineXmas2017-<name of online service>” example “OnlineXmas2017-maplin” from a cyber criminal’s perspective this is a hard password to crack.
Q: What else can people do to stay safe when shopping?
Ian: Risk is everywhere, whether it’s a compromised ATM, a pin pad at a merchant store, or an encounter with a skilled pickpocket. There’s always cash from your friendly bank teller and a trip to a local business for gifts.
Q: What about businesses in particular? What can they do to prepare for the holiday season?
Ian: If businesses—enterprises, MSPs, or small businesses—are just thinking about this holiday season now, it may already be too late. For enterprises that host ecommerce sites, now would be a good time to invest in a web application firewall to protect your website from cybercriminals.
Again, make sure to offer security training to your users—even an email advising them to be vigilant while shopping online may be helpful.
Finally, be prepared to scale with traffic demands—make sure you have a hotline to the hosting provider or developers. “We need more processing, memory, and disk!” is not something you want to be saying in the run up to the holidays or during the post-holiday sale season.
With so many people going online to shop—and so many businesses offering deals—cybercriminals have a slew of opportunities to take advantage of users who don’t have their security foundations in place. By implementing Ian’s advice for customers (even with simple user awareness training), MSPs can go a long way toward shutting down cybercriminals this holiday season and beyond.
Have you implemented any new security procedures or tools for the holidays? Join the conversation on Twitter to tell us what you do to keep your customers safe.