Cyber Monday marks the busiest online shopping day of the year. But while multitudes of consumers will take advantage of deep online discounts, they may be unaware of cybercriminals who also use the retail holiday to their advantage – and not just in search of online bargains. Rather, hackers and scammers typically come out in force at this time of year, flooding social media, emails and search results with malicious links, offers for worthless products, and other scams aimed at relieving consumers of their personal data.

The threat of cybercrime during the holiday shopping season is no longer just a minor irritant – it’s a major concern for businesses too, claims Carmine Clementelli, Product Manager of security firm iNetSec Smart Finder. These days, many organizations are supporting a BYOD network which allows devices and applications to serve a dual purpose – both personal and professional use. BYOD policies save organizations money, and they’re popular with employees too, but they also leave them open to numerous security risks.

In an interview with SiliconANGLE, Clementelli warned that the risk to businesses that have adopted BYOD policies is especially acute at this time of year:

“Online shopping during the holiday season is an undeniable trend, with mobile devices and applications becoming a significant driver,” said Clementelli.

“Employees are consolidating their professional and personal devices which opens up a business’ network to an increasing number of threats and malicious behavior that can be introduced through online web surfing and financial transactions, even outside of business hours.”

“Though the internet accounts for a large number of threats, it is also important to note that other dangers such as malware can arise from holiday collaboration activities like file, photo, music and video sharing or streaming – making applications a prime target for cybercriminals.”

Cyber Monday (Data) Steals

Clementelli outlined what he believes are the five biggest potential BYOD security threats that businesses need to be aware of as the holiday shopping season begins.

1. Employees who use corporate network connected BYOD devices to shop online can risk introducing malware and botnets into the network
2. Shopping whilst connected to a store’s wi-fi can allow viruses to access data stored on your device or applications
3. Saving login details on sites for quick check-out can lead to unwilling permission to access other similar password protected data stored on your phone
4. Social media and personal apps which promote deals and campaigns can link to malware and phishing scams that masquerade as deals and in-turn infect the connected network
5. Linking work emails with personal credentials can give outside parties another database to cross-reference when trying to hack corporate accounts

The most common methods that cybercriminals use to attack employees’ devices are fake applications, and emails and SMS messages containing malicious links. Clementelli warned that smaller-sized organizations are particularly at risk, as these often lack comprehensive security protocols. Hackers know this, and as such, smaller organizations are often targeted by them in the hope of gaining access to sensitive data like customer transaction databases.

“Some other notable threats are promotional links and banner ads within online shopping sites that can direct users to other false promotions or websites and online shopping incentives that are distributed through email and text messages which can serve as hidden vehicles for malware threats,” warned Clementelli.

The good news is that although the threat from cybercrime is more potent at this time of year, organizations can easily shore up their defenses.

“To help prevent the risk of security threats introduced through BYOD and BYOA activities, organizations should proactively monitor all devices connected to their internal network and in turn reduce the risk of unauthorized devices attaching to the network,” Clementelli advises.

“By investing in an internal network security solution that enables businesses to identify and manage all devices and applications attached to their network, organizations can block unwanted activity, helping reduce associated potential threats.”