From forest fires to a pandemic, from election uncertainty to an economic recession, 2020 has been a year of unexpected disasters on an unprecedented scale. Cybercriminals and fraudsters came out in force this year, in part because defenders were put on their heels with new baselines as well as very different work, school and home environments. We've never asked security teams to defend a perimeter as wide, wild, and intertwined as what they were defending this year: 2020 saw mundane attacks (including more DDoS and Phishing attacks) as well more subtle, damaging, and expensive ransomware attacks that targeted eCommerce and Healthcare.
On the lighter side, there's talk of a "new normal" in homes and businesses worldwide. The global response to the pandemic has led to a radically "at home" world; the World Economic Forum found that productivity has remained stable despite the shift to remote work, and in some cases has even increased. Microsoft, Twitter, Nationwide Insurance, and many other organizations have announced that remote work will be a permanent fixture going forward. With several vaccines in development that could bring us out of lockdowns and quarantines, the question of everyone's minds is how widespread these changes could be. We've gone from the old world of offices with some remote to work-from-home and now, potentially, work-from-anywhere.
2020 isn't done though! The annual cadence of shorter days in the northern hemisphere also brings a crucial season for retail before the darkest months of the year, both literally and figuratively. This Black Friday in the United States was one of the worst on record for brick-and-mortar stores due to fear of contagion and social distancing rules. Many stores offered major discounts in a desperate effort to recoup Black Friday revenue with Cyber Monday (and ultimately 'Cyber Week') deals. The truth is that shopping on Cyber Monday has been trending up for years in the U.S., rivaling Black Friday in terms of sales volumes. The same was true this November during Singles' Day in China, when local consumers spent a record ~$74 billion, according to Alibaba. This trend will likely play out in the UK and Canada as Boxing Day rolls around later this month.
Best practices for protecting eCommerce during the coronavirus pandemic
The bad guys are gearing up for these holidays. Not only have they had time to prepare and bring new tools to bear, but they know that consumers are overwhelmed and unfamiliar with the many new eCommerce services and apps. It's up to us to make sure that they only get coal in their stockings this year: these best practices can help those in the retail eCommerce ecosystem, from SMBs and large retailers to card-issuing banks and credit payment fulfillment companies, prevent fraud and improve the customer experience:
- Never click on the links you receive in emails, as they could be phishing scams.
- Never visit dubious websites and do not download anything.
- Keep your mobile devices up to date with the latest software updates. Never download mobile shopping apps from unofficial or unauthorized sources.
- Don't fall for SMS phishing attacks, in which hackers infiltrate mobile devices by using social engineering to pose as legitimate sources to get consumers to divulge personal information.
- Consumers should monitor their credit cards daily during the holiday season for suspicious and unauthorized charges.
- Consumers should pick one credit or debit card for their holiday shopping purchases to more easily manage and monitor transactions.
- Consumers need to regularly update their passwords. Do not use the same passwords repeatedly. Consumers should also consider using a password manager because they are easy to use and are safe.
Check out the RSA Fireside Chat Securing Ecommerce During the Holiday Season and Beyond and download the Q3 2020 Fraud Report for more insights into how to secure eCommerce.