It’s Nothing Personal: Takeaways from Cyber Monday 

Cyber Monday did not disappoint this year: Americans spent a record-breaking $6.59 billion online, up 16.8% from last year.

With the pressure on to snap up those deals before the end of the day, some are tempted to take a quick peek at their personal inbox or favorite shopping sites while at work. Seems harmless, but what we don’t always consider are the cybersecurity risks involved when employees use work computers for personal activities.

Cyber Monday, Cyber-Safe

Recent history offers a slight contradiction here: Cyber Monday came about because of online shopping at work. The first Monday after Thanksgiving, employees took advantage of the high-speed internet at their office to get a jump on their holiday shopping. Nowadays, however, most Americans have speedy home internet access. Maintaining the tradition of personal use on company computers isn’t just unnecessary, it can also be unsafe.

Most of us don’t install email filtering and spam protection on our personal email accounts like our company uses, so the chances that employees will receive and interact with a phishing email is higher. This is especially relevant through the holidays when we receive a flurry of promotional emails – it’s easy for a well-crafted phishing email to hide amongst all the legitimate deals.

Email aside, online shopping takes us all over the internet. Without guidelines, employees may unknowingly travel to malicious shopping sites, putting the device and company at risk of malware or a data breach.

Good Intentions, Bad Follow Through

While employees usually have nothing but good, and personal, intentions shopping online at work, the reality is the company takes on additional risk when things don’t stay business:

  • Personal social media use can open up opportunity for social media phishing
  • Installing non-business applications can put devices at risk for malicious apps masquerading as harmless
  • Online games can be attack vectors, even if reputable and popular
  • Video, download, gambling, and adult websites are notoriously loaded with malware and drive-by downloads
  • Lists of personal contacts and access to file-sharing sites can increase the chance of an insider threat incident, deliberate or not

In addition, there are business and efficiency considerations:

  • Strain on IT to manage updates, security, and support for personal programs
  • Increased opportunity for distraction during work hours
  • Use of device storage space or network bandwidth by non-business programs

Practice Best Practices

Keep these techniques in mind helping to encourage best practices:

  • Clearly state the decision in the Technology and Data Use Policy. It’s also recommended to add a “no expectation of privacy” clause stating that all information and history on company devices can be accessed by management.
  • Explain during employee onboarding the reason behind the policy and continue to discuss regularly.
  • Employ technology such as mobile device management (MDM) and application and media controls that allow restriction on programs and websites employees can access.

As with many cybersecurity points, simply understanding the risks helps us to make more informed policy decisions. In the end, it’s nothing personal – just good business.

Stay Safe,

Your Friends @ Defendify

Resources & insights

Why You Could Be Denied Cyberattack Insurance Coverage
Blog
Why You Could Be Denied Cyberattack Insurance Coverage
As you’re working toward achieving robust cybersecurity, the subject of cyber attack insurance coverage and cybersecurity insurance requirements is sure to enter the discussion.
Cost of a Cyberattack vs. Cybersecurity Investment
Blog
Cost of a Cyberattack vs. Cybersecurity Investment 
Detailing the cost of a cyberattack versus the ROI of a cybersecurity investment enables leadership to see cybersecurity solutions are worth it.
Defendify Listed as a High Performer in Six G2 Grid Categories
Blog
Defendify Listed as a High Performer in Six G2 Grid Categories
The Defendify Cybersecurity Platform has been listed as a High Performer in six Summer 2022 Data Security Software Category Reports on the technology review site G2.

Protect and defend with multiple layers of cybersecurity

Defend your business with All-In-One Cybersecurity®.

Explore layered
security

Learn more about Defendify’s three key layers and All-In-One Cybersecurity®.

How can we help?

Schedule time to talk to a cybersecurity expert to discuss your needs.

See how it works

See how Defendify’s platform, modules, and expertise work to improve security posture.

Take the first step toward comprehensive cybersecurity with a free Defendify Essentials package

Gain access to 3 award-winning cybersecurity modules. Nothing to install. Nothing to pay for.