
Black Friday, Cyber Monday, holiday gifts and New Year's celebrations – these are some of the factors that make November through January the most active online-shopping period of the year. 

Market analysts consider Thanksgiving through Cyber Monday the "Cyber 5": the five days of the year with the largest online deals and highest volume of online shopping activity.

With an increase in online activity comes an increase in cyber threats. Whether you're shopping from home, on the go, or sneaking it in at work (we aren't judging), it's vital to make security-conscious choices during this season of peak criminal activity. And if you're a retailer yourself, your customers are depending on the integrity of your systems to protect them and their personal information.



Consumer Security

While the cybersecurity industry is relatively new, awareness is increasing among everyday technology users — with specific emphasis on the cyber threats they face as consumers. While many people understand the impact of stolen credit cards, passwords, or other identity information, a common factor among consumers is a lack of awareness about what they can, and should, be doing to protect themselves.

Here are a few of our top tips to help you get started this season.


Check for SSL / TLS Certificates

This is an easy one that only takes a second to consider as you shop online, but it can tell you some very important information about the sites you're visiting.

An SSL certificate on a website is proof that web traffic and information exchanged through the site is encrypted and secured. It also authenticates the destination server that your information is flowing to and verifies the legitimacy of the website. 

In the address bar of your browser window, you'll see a lock or similar icon that indicates the site is SSL certified and secured. For sites without an SSL certificate, you might see an alert or message that says "Not Secure".

[Image: address bar with an SSL/TLS certificate (Infogressive) vs. address bar with no SSL certificate ("Not Secure")]

It's a good idea to be cautious of shopping or creating an account on a website that is missing this type of security certificate.


Beef up your account security

There are a few ways to do this, and we would recommend you employ these methods on all accounts where you have connected a credit card, bank information, or other personal information that could be breached.

  • Change your passwords (Hint: use strong, unique passwords)
    Did you make your Disney+ password "ilovedisney123" before finding out that accounts were compromised? (Or really, do you have any online accounts that use passwords like that?) Either way, it's time to change them.

    Both logins with weak passwords and accounts with brands that have recently made the news for a breach should get a password upgrade. Switch to strong, complex passwords and store them securely (read: NOT in your browser). 
  • Eliminate any re-used credentials
    We're all guilty of it, but acceptance is the first step toward recovery, right?

    Reusing the same password combinations with your email or standard username is a recipe for disaster. Remember the Disney+ "breach" that happened within days of the platform's launch? It wasn't Disney that got hacked — it was the users. Username + Password combinations obtained from previous breaches were used to try and access Disney+ accounts... and it worked.

    It worked because we're creatures of habit, and even after we've had to change our password before, we like to go back to what we know (and what we know we'll remember). 

    With so many credentials being leaked with each data breach, this practice has to come to an end. So if you've used your dog's name + your birth year as your password on multiple sites, it's time to change that.
  • Set up multi-factor authentication
    A lot of accounts have the option these days, so there's no reason you shouldn't take advantage of it. Multi-factor authentication adds a layer of login security between entering your password and accessing your account by requiring a secondary measure to be taken, like entering a code from a text message or 3rd-party authenticator app. 
    At minimum, you should have this feature enabled for your email and any financial accounts. 




Verify the integrity of the sites where you're shopping

When it comes to the large and prominent retailers, it's easy for us to place our trust in the corporation and expect them to keep our information secure (or to make it up to us in the event that they fail to do so). But with today's rapidly growing e-commerce economy, it is becoming easier than ever for businesses to "pop up" online with a sleek-looking shop without actually having a secure infrastructure in place for shoppers.

Don't get us wrong, we're all about shopping local, supporting small businesses and startups, and spending outside of the top retail giants — but keep in mind that shopping online requires you to be risk-aware. Social media ads will catch your attention and entice you to click through to an unknown website for that perfect gift for a friend or family member, but how much do you really know about these retailers? 

[Image: Targeted Ad T-Shirts - The Hustle, 2018]


Chances are, you've seen ads online for the insanely specific t-shirts that seem to call out key aspects of your personality — or you've seen someone walking around in one — but the retailers behind these products are often smaller businesses or individuals who are dabbling with big data and design algorithms, trying to hop onto this unique new trend and make a profit. As the world saw with the first vendor of these products, an Australian company called Solid Gold Bomb, messing with big data can come with consequences.

How does Facebook seem to know what we're thinking? We found this news article explained it well.

So if you see that perfect t-shirt, coffee mug, or pair of socks on Facebook, at least do a quick Google search on the brand that was advertising them before you click through and make a purchase.


Set up credit card or bank card alerts

Most likely, your bank or credit card company has a feature where you can be notified via text or email when a purchase is made using your card. This is a great feature to utilize any time of year, but it's especially useful during the holiday season when cybercriminal activity is at a high. With this feature turned on, you'll find out fairly quickly if your card information was somehow stolen — even if you still have the physical card on-hand — by receiving immediate text or email alerts when the card is used.

While you may not love being reminded that you just used your credit card for another holiday shopping spree at Target, the security benefits of transaction alerts may outweigh any frustrations they may cause.


Keep an eye on the news

And not just your local news. Although tech and security news may not be your thing, you may find it beneficial to follow a popular news site that reports on data breaches, or even set up a Google Alert for some of the top brands where you shop + the word "breach". That way, you don't have to be constantly checking the news to be in the know. Plus, you'll receive a notification of any incidents when the story breaks, which is often before corporations send out the official communication to affected customers.


Retail Cybersecurity

Protecting your e-commerce site and brick-and-mortar store are both vital defenses as a retailer in today's cyber threat landscape.


While your physical security in-store will help deter criminal activity that happens in-person, cyber criminals can hit your physical location's network and systems using digital avenues.

The best way to be prepared to defend against cyberattacks is to ensure your organization has solutions in place for all of the core components of security, which include prevention, detection, and response. Layered security, or a "defense in depth" approach, can set your organization's security apart and keep you protected from cyber threats.

Read more about the key cyber defenses.



  • SSL/TLS
    Get those certificates in order — if consumers are going to be looking for SSL encryption to verify your security, you should make sure you have it. If you know you already have your domain secured, it may help to try out a free online SSL check that will verify if it is functioning properly and providing the highest level of protection.

    Identifying security holes and mending them proactively is one of the best ways to avoid a devastating breach. You can utilize vulnerability management services to scan your network or your web applications on a regular basis and deliver reports to keep you in the know.
  • Stay on top of patching & updates
    Vulnerability scanning may reveal security holes, but software and firmware updates to the products and services you use are another key indicator of vulnerabilities that need mending. The great news? If an update or patch is available, it's a sign there's an easy solution to address the security vulnerability — just download and install.
  • Maintain user security
    Require strong, complex passwords from users who sign up for an account with your e-commerce site. For added security, implement a multi-factor authentication option that users can enable on their accounts. 
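
One way a signup form could enforce the password advice above, shown as an added example that is not Infogressive's code. The minimum length, the three-of-four character-type rule, the small breached-password sample and the function names are all assumptions made for illustration.

```python
import re

# Constructed sample of passwords seen in earlier breaches (assumption: a real
# deployment would load a much larger blocklist from a maintained source).
BREACHED = {"password1", "qwerty123", "ilovedisney123", "letmein2019"}
MIN_LENGTH = 12  # assumed policy value, not taken from the article


def character_classes(password):
    """Count how many of lower/upper/digit/symbol appear in the password."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, password))


def password_problems(password, email, site_name):
    """Return the reasons to reject a signup password (empty list = accept)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if character_classes(password) < 3:
        problems.append("too few character types")
    if lowered in BREACHED:
        problems.append("found in breached-password list")
    # Reject passwords built around the account name or the brand itself,
    # which is the "ilovedisney123" pattern.
    local_part = email.split("@", 1)[0].lower()
    for word in (local_part, site_name.lower()):
        if len(word) >= 3 and word in lowered:
            problems.append(f"contains '{word}'")
    return problems


if __name__ == "__main__":
    # Constructed candidates: brand-based, pet name + year, random passphrase.
    for candidate in ("ilovedisney123", "Rex2011!", "plum-Tractor-94-harbor"):
        result = password_problems(candidate, "rex@example.com", "Disney")
        print(candidate, "->", result or "ok")
```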

Have questions about your organization's security? We can help.


In the end, security awareness and a healthy amount of caution are your friends during this holiday shopping season.


Wishing everyone a safe and secure cyber holiday,

The Infogressive Team