The Hidden Threats of Holiday Cybershopping

By Jessica Binns, Contributing Editor
Whether you like it or not, your workers probably are using their company phones and tablets to do a little holiday shopping (PayPal says mobile shopping was up 193% this Black Friday over last!). And others are hoping to get the next great gadget as a gift this season - a new toy that will be connecting to your company network come January.

While all of this is exciting for employees, it can be alarming for IT. Cyber threats multiply daily, it seems, with experts at the Georgia Tech Information Security Center (GTISC) and the Georgia Tech Research Institute (GTRI) warning of the proliferation of cloud-based botnets. In this scenario, criminals use stolen credit card information to buy up cloud platforms through which to launch attacks. From shopping to stolen in 60 seconds or less.

The Georgia teams also warn of search history poisoning, which means the bad guys can manipulate what search results you see and direct you to dangerous sites. And since people tend to be less concerned about where they're browsing on their personal mobile device, it's easy to lead unsuspecting users into a trap.

How to steer clear of trouble this holiday? Always be sure you're buying through a secure HTTPS site - if the "S" isn't there, stay away. And when it's time to complete your purchase, be sure the lock icon shows up on the page. It proves that the merchant complies with industry payment regulations.

As simple as it sounds, use different passwords for different sites. Using the same password all the time makes it easier to follow your cyber trail.

And maybe skip the convenience of filing your credit card info with all your favorite online merchants. "Mobile consumers typically store their credit card information in retail accounts, rather than entering the information during each transaction, making online retail account takeovers more profitable, and therefore, more attractive to fraudsters," Alisdair Faulkner, chief products officer for ThreatMetrix, told NACSOnline.

"During the holiday season in particular, consumers find it much more convenient to keep credit card information stored online as they make such a high volume of purchases," he added. "This is especially risky if consumers use the same email address and password for several websites — doing so initiates a trail of destruction that is equivalent to unlocking every door in the house, easily allowing criminals to hack numerous accounts at once."

No workers wants to be "that guy" who unwittingly allows malware or worse onto the enterprise network; be sure to communicate the risks of mobile shopping and more to your employees.

A New Year, a New MDM Plan?

What's an IT executive to do when workers bring their new devices to work after the holidays? Is your mobile device management program ready to handle the influx? Does it need to be reconfigured?

The start of a year is a good time to revisit the MDM plan you already have in plan and see what tweaks need to be made. Perhaps you're only supporting two operating systems at the moment and when employees bring in devices with a third OS after the holidays, you realize it's time to expand your platform.

For workers who will be using a new smartphone or tablet on the company network for the first time, be sure to clearly communicate usage policies. Access is a privilege, not a right.