Ahh, Black Friday. It’s a plentiful day (now stretching to a full week), brimming with shiny bargains and special offers.
Every year, Black Friday comes and goes almost as suddenly as it appears. Like a thief in the night, it burns holes in our pockets and puts retailers and organisations back in the black. This year more than ever, Black Friday will play a fundamental role in aiding many businesses recovering from the adverse effects of COVID-19.
However, despite its merits, sorry-looking bank accounts and bargains are not the only things that Black Friday opens us up to. It also opens up organisations to data breaches. Take Amazon, for example. The Amazon sale for Black Friday 2018 saw a significant data breach. The details of thousands of customers were leaked just hours before the event took place. The leak was put down to an ‘inadvertent technical error’, suggesting it was Amazon’s IT team that took the hit for the breach.
Prophets or Profits?
So why do events like Black Friday leave our businesses more susceptible to cyber-attacks, hackers and data leaks like this one?
In the bustle of Black Friday, organisations big and small are often scrambling to ensure their servers can manage the onslaught of site traffic. They’re trying out new applications, forming new programmes, transferring ecommerce to the cloud; the list is endless. Actions like these, although well intended, can often leave minor – and sometimes major – gaps for data breaches.
For instance, a simple human error could be made in the rush to prepare things. It could cause the malfunctioning of a programme required to process customer data, ultimately leaving the data vulnerable, out in the cold and easy for cyber criminals to access.
On the other end of the spectrum, cyber criminals may directly attack less secure sites in the knowledge that Black Friday brings an abundance of opportunity to credential surf or RAM scrape.
Vigilance or Vigilante?
To combat potential breaches like these, organisations should take into account that Black Friday is simply not ‘business as usual’. Programmes and applications should be tried and tested with vigour. Data protection software should be up to date and functioning at full capacity, with all hands on deck. Extra layers of data protection may even be required. For optimal management, you may want to consider a SaaS data platform.
It is also worth remembering that, whilst customers do have a responsibility to protect their own data, organisations should be making this easier for them, not harder. Any external emails to customers should be well designed and clearly marketed, making it easier for customers to tell a real email from a fake phishing attempt. It should also be made clear what customer data may be shared and why.
So, don’t rush, be meticulous, test, test and test again. And, most importantly, happy bargain hunting!