An easy to use SMB holiday cybersecurity guide to safe online shopping

It’s no secret that when any holiday approaches it also means heightened cybersecurity risks for businesses, large and small.  The reason (for the risks) is that many people today shop online for their gifts.

A recent survey showed that about 82% of small business executives know that employees will use their work computers and phones to shop online, and 49% of executives also acknowledge that their employees will not be able to spot a bad link or a website that is trying to trick them in a phishing scam or that has hidden malware on it.

There are many simple steps that businesses can take to implement cybersecurity in these times and guide everyone throughout the enterprise to safely shop online during the holidays; but also at any time when they’re online shopping since this is an occurrence that takes place throughout the year.  Furthermore, this cybersecurity guide also helps you to safeguard against the online browsing risks that are always at bay, due to any website being a potential carrier of cyber threats.

We’ll start with three steps you can take to guide employees on what NOT to do during this holiday season to avoid falling for phishing risks (that we shared in our newsletter, but that maybe you didn’t get if you’re not part of our mailing list).

Email Security: Inform employees NOT to click on links, or download specials and/or coupons, that they get through emails. 

  • It doesn’t matter how legitimate the source may seem because phishing techniques just keep getting better at tricking employees.

Website Security: They should NOT be shopping at work; but if they are, at the very least, when an ad seems too good to be true while browsing a website tell them NOT to click on it. 

  • The offer is most likely too good to be true and is hiding something that will infect the computer, possibly the entire company network. 

BYOD Security: They should NOT use their mobile devices to shop using the company network, even they’re own network for that matter.

  • It doesn’t take much for a cybercriminal to hack into a network once it’s being used by a mobile device; even if they’re not directly connected to it they find ways in.

Also, we recently shared with you how to spot a phishing email, which can be very useful and a blog on safeguarding against webcam security risks

This brings us to the next important aspects of our holiday cybersecurity guide and list of things to do; the lovely IoT devices that enter and are present at the workplace, and more.

Patching: Make sure all your devices, software, browsers, and applications are always patched and updated to the latest versions.

  • Patching is something people avoid because it can cause technical issues and it doesn’t seem necessary immediately, however, this is where the hackers will find vulnerabilities to use and get inside your network.

Simple security tools:  Make sure there are security tools installed on every device.  This includes having an antivirus and a virtual private network (VPN) if possible since a VPN connection means that even if your communications are intercepted while shopping or browsing online, they will be useless to cybercriminals because your data is encrypted.

  • It’s important that you and everyone using these security tools, knows how to use them.

Passwords: It’s important to keep passwords up-to-date, private, and not easy to figure out by the cyber criminals (which 1,2,3,4 is very easy for them to figure out; and by the way, it is still one of the most used passwords, if you didn’t know).

  • Changing passwords on a yearly basis is advisable, particularly if there’s reason to believe that it has been compromised.  You can use a password vault if it’s a challenge to remember the changing passwords.

Browser: Every browser supports secure transactions using SSL encryption; however, to be safe double check that your connection is secure before purchasing.

  • You can do this by looking at the URL bar of the browser where you should see https:// if it’s secure and/or you can look for the lock icon that your browser will display.  There are some popular open-source plugins that can help with this such as HTTPS Everywhere and uBlock Origin.

We shared with you some essential aspects that will heighten your cybersecurity during the holiday season’s online shopping spree, but also throughout the year with all online activity in the overall workplace, immediately. 

All that is required, is for you to take action with the information provided throughout the guide; which has been formulated in the most simplified way and easy to use, so that it may be communicated and shared with everyone within the enterprise (from employees to executives to HR, you name it).

A reminder for employee training, don’t forget that NCX Group offers a great SMB solution; there’s a free tier of this service, and paying tiers that include additional items.  Here’s the link to the details of our MyCSO Cybersecurity Training.

Lastly, you are always welcome to schedule a free consultation with our cybersecurity professionals.

Schedule your free cybersecurity consultation here!

 

Photo courtesy of Nata-Lia

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    About NCX

    NCX Group is an independent cyber risk and resilience advisory firm with over two decades of experience supporting business leaders, boards, and deal teams when risk affects value, operations, and decision-making.

    Advisory & Risk

    Risk & Readiness

    Company

    Copyright ©2026 NCX. All rights reserved
    Privacy Policy