It is estimated that around £11.5 million was lost to online scams during last year’s festive season, highlighting the need for businesses to protect themselves and their customers. With Black Friday approaching, Scottish businesses face not just opportunities but heightened risks of fraud, especially online. Cyberattacks during peak periods can jeopardise customer data, disrupt operations, damage reputations, and pose serious legal and financial threats. How can businesses safeguard against these seasonal dangers?
1. A business’s first line of defence is its employees
Cybercriminals often target unsuspecting employees or individuals within businesses as the gateway to access critical systems or attack vital infrastructure. This increasing sophistication in AI technology allows cybercriminals to better disguise their attacks, for example by using AI to create and mask phishing emails, increasing risks to businesses of individuals falling victim to an attack.
Businesses must treat staff as their first line of defence against cybercrime. Regular training on identifying scams and understanding cyber risks is essential. Employees should also be reminded of the heightened threat around Black Friday, where fake emails and fraudulent links are designed to catch even the savviest among us off guard. Additionally, simple measures like banning access to sensitive data on unsecured networks – such as public Wi-Fi – can prevent cybercriminals from exploiting these digital vulnerabilities.
2. Understanding that cybercrime is rarely a one-off event is crucial
Attackers often conduct reconnaissance before striking, leaving dormant malware in systems or creating “back doors” to assess systems at will, often delivered by links clicked, or attachments opened, in phishing emails. Businesses must be vigilant, monitoring systems for suspicious activity and increasing security around critical areas like payment portals and customer databases.
The proliferation of fake websites, mimicking legitimate businesses to steal customer information, is another growing trend. Regular monitoring for these copycat sites can help businesses protect their brand and prevent customers from falling victim to online fraudsters.
3. Be prepared and act fast when threats arise
Robust cybersecurity infrastructure is essential for business of all sizes, especially during high-risk periods like Black Friday. Updated antivirus software, firewalls, and secure payment systems are essential to ward off attacks. Prevention, however, isn’t enough as even the most secure businesses remain susceptible to attack – response plans are, therefore, equally as critical. Businesses should ensure all data is backed up to secure locations and have robust disaster recovery policies in place to manage breaches swiftly and effectively.
If the worst does happen, acting quickly is paramount. Businesses should report suspected cyberattacks to the National Cyber Security Centre (NCSC) and, where personal data has been substantially compromised, inform the Information Commissioner’s Office (ICO) within 72 hours – a legal requirement under the UK GDPR.
4. Stay vigilant year-round
The legal landscape is clear: under the UK GDPR and the Data Protection Act 2018, businesses must protect personal data year-round, not just during Black Friday. Non-compliance can result in heavy fines and lasting reputational damage, especially if customers lose trust.
To meet these obligations, businesses should implement strong password protocols, use multi-factor authentication and encrypt sensitive data. Regular stress tests and audits of cybersecurity measures can identify weak spots before attackers do. Compliance, however, is not just about ticking boxes. It is about demonstrating to customers that their data is safe, even during the busiest shopping periods. Trust is the currency of the digital age, and businesses that fail to protect it risk losing far more than a single sale.
While Black Friday intensifies the risks, cybersecurity must be a year-round priority. The ICO has little sympathy for businesses that cite falling victim cybercrime to justify data breaches. Instead, businesses are expected to show they’ve taken reasonable steps to prevent attacks.
Do not wait until a breach occurs to take cybersecurity seriously – that’s the key takeaway for Scottish businesses. The financial and reputational damage caused by inaction far outweighs the investment needed to secure your systems.
Black Friday offers businesses a valuable opportunity, but it also serves as a wake-up call. By prioritising cybersecurity, Scottish businesses can protect their customers while strengthening their reputation as trusted retailers. The fight against cybercrime is ongoing, but with vigilance, preparation and the right measures in place, businesses can transform Black Friday from a potential risk into a day of success.