Today’s mobile workforce means that many employees blend their personal and professional lives on the same devices, possibly putting organizations’ data at risk. During the holiday season, in the search for gifts, low prices, and expedited shipping times, many people forget to think about security, even when using a work-issued laptop or a mobile device that can access work information. What can organizations do to ensure that their workers—and their data—are protected? We’ve prepared a list of tips to help organizations and their employees stay secure this holiday season.
Scanning QR Codes
QR codes have become ubiquitous, popping up often in people’s daily lives, which could lead employees to overlook red flags. Train employees to think about QR codes the same way they think about email scams and social engineering—a quick scan of a manipulated QR code could lead to a malicious website that prompts employees to install an app or type a password, potentially exposing the organization to risk.
How can QR codes be scanned securely?
- Inspect QR codes for physical coverings or stickers. Before scanning any QR code, employees should check if it appears damaged or misprinted, or if a sticker appears to be placed over the original code—or even if the code is in an unexpected place. Alternatively, recommend that employees navigate to the site’s known webpage or official app.
- Verify websites before entering any passwords or information. Although a QR code cannot be directly compromised with malicious content, the website that the code leads to can be dangerous. Users should confirm that the website is legitimate by checking the URL before entering a password or any personal or financial information.
- Never download or install an app directly from a QR code. The FBI suggests that users not download apps from QR codes or make payments using a QR code. Although a webpage or app may look legitimate or safe, it is hard to tell when a cyber criminal has created malicious content and may be stealing data. Instead, educate employees to always use their device’s official app store to download apps.
- Ask for physical menus or documents. Although it can be convenient to scan QR codes in a restaurant, advise employees to ask for a physical menu to avoid scanning a malicious code. If a physical menu is not available, they can navigate to the restaurant’s official webpage.
Using Chat Boxes
Chat boxes—both live and automated (aka chatbots)—can provide shoppers with a seamless, personalized shopping experience. Unfortunately, many customers assume that a secure website’s chat box is also secure, but this is not always the case.
Organizations can advise employees that risks associated with chat boxes could originate from a website’s poor coding or from an unsecure or even malicious external vendor. Once a chat has begun, hackers may be able to eavesdrop, steal passwords or credit card numbers, or convince a customer to install a malicious program. An evil bot could even control the whole website.
How can chatbots be used securely?
- Confirm that the website is real. Criminals can create a look-alike website that uses a malicious chat box, so users should confirm that the website is legitimate before using a chat box or purchasing items.
- Be wary of typing personal information into a chat box. Personal information such as names, addresses, and credit card numbers could be stolen if the chat box is not secure. Before entering this information, users should take a moment to determine if the site is secure or if it would be better to share the information through a phone call or other more secure means.
- Inform the website if there are reasons to suspect that the chat box is malicious. If interactions with the chat box seem suspicious—for example, if the chatbot asks for unnecessary personal information—the user should report the activity performed on the website to the company and to their bank, and monitor their credit card for suspicious activity.
Making a Purchase
Shopping online may be easy and convenient, but according to the FTC (Federal Trade Commission), online shopping scams are one of the most reported types of scams. Organizations can lower their own risk by educating their employees about online scams and schemes.
How can online items be ordered securely?
- Don’t click on links in emails from unknown senders or on ads from unfamiliar sites. Even ads on social media sites could be compromised. Just one click could download a virus or malware.
- Use familiar, trusted sites and apps for purchases. Before purchasing from a new shopping site or app, research it first to confirm its legitimacy.
- Be wary of deals that are “too good to be true” or have a short time limit. Criminals advertise major discounts to draw victims to their site.
- Use a credit card for online purchases. Remember that secure and well-known payment services, such as PayPal, limit users’ financial exposure if a site or app is fraudulent.
To report a scam, notify your local and national police enforcement, and the online shopping site.