NCSC: Five Tips For Shopping Safely on #BlackFriday

Written by

The National Cyber Security Centre (NCSC) has encouraged shoppers looking for Black Friday bargains to follow a five-step guide to stay safe whilst buying online today.

The NCSC – a part of GCHQ – is promoting tips to help protect shoppers as criminals look to take advantage of the annual Black Friday rush to secure online bargains. The advice comes as the NCSC’s own research found that 37% of people think that losing money or personal details over the internet is unavoidable.

Dr Ian Levy, technical director at the NCSC, said: “The NCSC wants online shoppers to make the most of Black Friday bargains, and our top tips will make life much harder for would-be cyber-criminals.”

We understand that some people find cybersecurity daunting, but a small amount of protection will go a long way to improving your safety, he added.

“Sometimes, things can go wrong. We’re all human, and some of these scams are very sophisticated. If you think you’ve fallen for a scam, report the details to Action Fraud and contact your bank.”

The advice, which can be found in full on the NCSC’s website, includes:

  1. Stay up-to-date: Cyber-attacks are always evolving, and the best way to protect against the newest threats is by installing the latest software and app updates.
  2. Use strong passwords: Be creative so criminals can’t guess them. A good way to create a strong and memorable password is to use three random words or numbers.
  3. Use a password manager: Reusing the same password across different accounts can mean one breach compromises multiple accounts. Use a password manager to help you store your passwords securely and save yourself the trouble of remembering them.
  4. Turn on two-factor authentication (2FA): 2FA means anybody wanting to access an account has to pass two checks, such as sending a security code to your mobile phone in addition to entering a username and password. This massively reduces the chance of being victim of a scam.
  5. Don’t give away too much information: There’s some obvious details that an online store will need, such as your address and your bank details, but be cautious if they ask for details that are not required for your purchase. If you can avoid it, don’t create an account on a new site unless you’re going to use that site a lot in the future.

Security experts have also warned of the risks that Black Friday poses to organizations too.

“For businesses, there are two ways to look at cyber-risks around Black Friday,” said Tim Erlin, VP, product management and strategy at Tripwire. “The first is that, simply because it’s a busier time and more money is flowing through their systems, attackers will be more likely to target them, hoping for the busyness to serve as a diversion.” 

The second way to look at it is from an employee perspective, he added. “Staff may be shopping online from business-owned assets, thus potentially opening them up to Black Friday scams. For this reason, it would be worthwhile for business to focus on education and training on how to recognize scams and phishing attempts. Ransomware and other types of malware are also a concern for businesses around this time of the year. Those that are targeting the business itself ultimately just want the organization to pay the ransom, which can be avoided by having good incident response measures in place and secure, up-to-date backups.”

What’s hot on Infosecurity Magazine?