In 2014, my daughter was 10 and was deep in the throes of Frozen-mania. A certain song became seared in all our brains. Disney’s billion-dollar juggernaut consumed every waking moment, and my daughter wanted an Elsa doll to share the experience with. It turned out that she was not unique in her interest, and Frozen merchandise was sold out across the U.S. Once $15.95 dolls started selling for over $1,200 online, it was time for a teachable moment about the value of delayed gratification, which went about as well as you might imagine. Fortunately, after a few months, Disney was able to catch up with the demand and I was able to get back in my daughter’s good graces.
Parents in 2021 are encountering these same issues and emotions, except that now virtually everything their kids would want is out of stock. Even if your business doesn’t deal directly with retail sales, these supply chain outages can have a significant effect on your cybersecurity because they impact your employees. In short: Parents get desperate, and sometimes desperate people make security mistakes.
So, what can you expect to see for the remainder of the holiday season? Around this time of year, your employees will get busy, they will get stressed, and they will also receive a significant increase in legitimate email promotions that they may want to leverage for their holiday shopping. This makes it harder for them to identify phishing attempts and is a recipe for people to click on a link that they ordinarily wouldn’t. This puts your employees’ credentials and your organization’s data at risk. Successful phishing attacks are among the most frequent attack vectors into corporations, a situation that has only worsened with the blurring of corporate and personal IT equipment that has occurred due to the pandemic and a widely distributed workforce.
And if historical precedent is any guide, these attacks will ramp up considerably over the holidays. Attackers know that IT departments are operating with a small staff over the holidays, so it’s an opportune time to launch a network intrusion. This means less chance of immediate discovery, and more time to establish a beachhead and obscure your activities before the full staff returns.
Want to ensure you are protecting your data? There are some things you can do now to keep your organization and your employees safe during this season. Ideally, you already have email security with phishing filtering in place. Whether or not you have an IT solution, you need to implement staff training and education to help keep everyone protected during this unusual time. The normal guidance about not clicking on untrusted links continues to be important, but there’s additional education needed due to cyber-criminals seeking to leverage the supply chain issues. Online shopping searches turn up more new storefronts than usual – some legitimate and some not. And when an unknown store claims to have that one thing you are looking for, it’s very easy to talk yourself into overlooking some warning signs.
Before you share your personal info with a website that you aren’t familiar with, it’s important to validate the authenticity of the site. There are some straightforward ways to get a handle on things:
- Search for the domain name and see what folks are saying about it. If you can find a reference from a source you trust, that’s a good first indicator.
- Look up the site URL in the WHOIS database. This will give you the date that the site name was first registered. If it’s a new site, then you can evaluate your comfort level with being among the first customers.
- Use the Wayback Machine in the Internet Archive to see the history of the URL. The Wayback Machine archives previous versions of web pages – so take a look and see if the site you are evaluating has done anything unexpected. While you are there, please consider donating to the Internet Archive as they are doing great work.
To sum up: it’s going to be a challenging holiday season for all of us that depend upon the global supply chain. That’s why it’s so important to recognize this and to get prepared. Take advantage of the time you have now and focus on getting your staff ready. Some reasonable steps will help you a great deal – and frankly, it’s just too important to “Let It Go.”