- Platform
- Human cyber risk management
-
MEASURE RISKS
-
REDUCE RISKS
-
RESPOND
-
- Resources
-
FOR EVERYONE
-
FOR CLIENTS
-
Black Friday and Cyber Monday were introduced to the UK in 2010. Previously known as a North American event, it traditionally marks the start of the Christmas shopping season as many stores offer highly promoted sales at discounted prices.
Fun fact. The origin of Black Friday dates back to the 1950s. Police in Philadelphia used the term to describe the chaos that ensued the day after Thanksgiving. Hordes of shoppers and tourists would flood the city before the big Army-Navy football game held on that Saturday every year.
Since 2016, the popularity of Black Friday has grown exponentially across the UK. In 2016, total spending on online retail sites during Black Friday was £1.23 billion, a 2.2% year-over-year increase from 2015.
Then in 2017, UK retail sales in November grew faster than in December for the first time, thus ending Boxing Day as the traditional sales shopping event of the year.
Last year in 2021, Black Friday and Cyber Monday sales hit a record high in the UK, with consumer spending up over 20% on the previous year at £9.42 billion.
Due to the cost of living crisis hitting pockets hard this year, there is a projected drop in sales for the 2022 season. Statista forecasts that UK consumer spending will drop to £8.71 billion over the four days starting with Black Friday. If we also couple this with the distraction of the World Cup taking place in Qatar, it's no surprise to see such a drastic fall in spending.
However, £8.71 billion in spending over four days should not be ignored. Especially given that even though we are discussing shopping deals here, it all links back to putting your organisation at risk of increased security threats due to employees' behaviour changes as usual security practices go out the window.
The usual rationale seems to go out of the window regarding the Black Friday weekend. We've all seen the reports on the news each year with people stampeding over each other, arguing over microwaves, and even physical violence towards others as they try to secure a "deal".
There have even been repeated warnings by companies like Which? who analysed 214 Black Friday deals last year across seven major retailers and found that 86% were cheaper or the same as their Black Friday price in the six months before the event. 209% were more affordable or the same price at other times of the year.
So, why do we go so crazy for deals?
FOMO (Fear of Missing Out)
Fear of missing out plays a huge role in our decisions. The marketing arms behind Black Friday and Cyber Monday deals are explicitly designed to make you feel like everyone else will get a massive win by bagging this huge bargain if you don't.
Seriously, type into Google "Black Friday FOMO", and you will see a bunch of articles around "FOMO marketing strategies that increase Black Friday sales" or "How to use FOMO to boost Black Friday sales". For weeks beforehand, every website sends you newsletters, each website has a flashy discount call to action, and nearly all the high street stores have giant window banners about the discounts.
All of this attention during the lead-up with these "limited-time offers" affects your brain and makes you want to go shopping, even if you don't have any particular purchase in mind.
Research has also discovered that most people feel FOMO at the end of the week and the end of the day. Having this event on a Friday makes the FOMO feel especially strong. Also, it usually falls on the last payday before Christmas, meaning people have more disposable income and feel more reckless with their spending if confronted with a deal.
Enjoying the rush
Finding a deal and securing that deal affects your brain chemistry. When you secure that hefty -75% price tag on your dream item, your dopamine (feel-good hormone) levels spike.
This causes the reward centre of our brains to fire on all cylinders, and you're left feeling great. However, there can be a downside where people are constantly chasing that feeling as dopamine-surging activities have been seen to be contributing factors in the building of addictions.
There is also the bragging effect of feeling like you have achieved something exclusive. Being able to talk to friends, family, or coworkers about your latest deal can drive the decision as people want to be able to showcase the savings as an almost bragging point.
These elements can lead people to abandon their customarily reserved shopping behaviours. The idea that they must have this now means they will try to get it immediately. This means they could make purchases on work laptops while working, when they're out in public, or on unsecured Wi-Fi. Doing so can lead to careless security practices, which they would typically abide by and directly impact the business.
We all know the feeling when it's the end of the month, a Friday, and you've just been paid. You know the bills that are due, but there's also disposable income already burning a hole in your pocket. All the work for the week is done to the best of your ability, and it's time to bag some deals.
There are numerous risks that employees will be facing while being bombarded with every Black Friday and Cyber Monday marketing technique known to man. A lot will happen on work devices and during working hours as employees naturally browse the web during downtime.
Key cyber risks:
Phishing
This is the big one. Hackers aim to trick users into sharing sensitive data by sending promising deals which contain malicious links. This can be an email, a text message, or even a targeted ad on social media.
E-Skimming
This is a type of malware where a threat actor implements lines of malicious code into a website which then steals data from HTML fields, including credit card data and other credentials.
Verification Code Scams
Multi-factor authentication is great, but it's not impenetrable. Scammers can pose as your bank or major retailer, asking you to confirm a verification code to finalise your purchase. The scammer likely already has your login information and password and needs the code to access your accounts.
Browser Extensions
Installing unverified "money-saving" browser extensions can sometimes be legitimate, but scammers can release fraudulent browser extensions containing malicious software to phish your data.
Smishing
This is a form of phishing that uses mobile phones as the attack platform. The purpose is to gather personal information, including credit card numbers. Lately, there has been a surge in WhatsApp messages where the intended target receives a message from their boss asking them to send them some gift vouchers as they're stuck in a meeting.
Any of these attacks can leave your organisation vulnerable to risks and breaches by one careless act from anyone in the organisation.
A common issue is users using their work email addresses to sign up for promotions or to use shopping services like Amazon. Usually, they use the password attached to their work email to use these services as it's easier to remember for a one-time shopping deal. All it takes is one instance of the password being leaked to expose the entire organisation. This method is the equivalent of losing your keys with your full address listed on a fob because most work emails involve employee.x@company.com.
Company Reminders
Behaviour change needs to be implemented all year round. However, ramping up efforts during difficult times of the year is essential. Showcase the dangers out there and how best to combat them, whether through automated nudges or manual emails and marketing collateral. Also, give valuable tips to employees such as using VPNs, not shopping on public WIFI, or setting up virtual cards and temporary bank accounts.
Don't use work devices
This all comes with part of the training and making your employees aware, but gently remind them to use personal devices for shopping. It's crucial that your network is not exposed to risk while they do their online Black Friday or Cyber Monday shopping.
Keep your eyes peeled
Over the holiday weekend, security monitoring needs to be ramped up. The dangers don't end at 5:30 pm on a Friday. Users can take their work laptops home and shop for deals on their home networks. Our hearts go out to the security team, but they need to monitor traffic, servers, firewalls, social media, and user accounts.
Identify your Cyber risks
Understanding where vulnerabilities lie in your framework allows you a better fighting chance of combating them. If people work from home, make sure they change the default settings and password on home routers, for example. Check that the company network is secure and things like firewalls are configured correctly. This can help security over the holiday season and make you aware of problems that can be resolved to help your company year-round.
Time for an update
This is the perfect time of year to ensure all applications are up to date. Ensure that all apps are updated, as this will help reduce vulnerabilities that hackers can take advantage of if they manage to get through.
Remember, people prevent breaches. Understanding what actions your employees and management teams take while at work is crucial to protecting the organisation and themselves.
At CultureAI, we ensure real-time visibility into human risk on a wide variety of different user behaviours - more than click rates, report rates, or training completion.
From that, teams pull meaningful insights on individual users, departments and teams, or the company as a whole. We then combine this with clever automation to drive long-term behaviour change.
By combining human risk visibility and automation, we empower companies to see a meaningful change in their security culture and reduce Cyber risk as a result. Our mission is to keep you safe all year round, especially on these trigger point holidays such as Black Friday or Cyber Monday.
