With projected sales of £4bn, Amazon Prime Day event continues today and scammers ramp up their phishing efforts to take advantage of the increased email traffic. These attacks pose threats beyond gaining access to just a customer’s Prime account – it could potentially allow an attacker access to an Amazon Web Services (AWS) accounts, giving insight into retailer company’s entire cloud infrastructure. This is particularly relevant for employees hoping to score great deals by shopping on work devices during their lunch break.
Karl Barton, Senior Director, International Channels and Alliances at SecureAuth provides a few recommendations on what businesses can do to protect themselves during online sales or increased online activity:
1. Beware of the Phish
Ahead of major sale event such as Amazon Prime Day, organisations and employees should expect an increase in phishing attempts. Phishing is one of the most effective means for cybercriminals to access corporate networks.
2. Update user authentication methods
Corporations need an approach that protects both the user and the business at the access point.
3. Limit user privileges if a compromised device is suspected
Updated email filtering tools and security malware defences should be made mandatory by businesses for all devices, including BYODs.
4. Implement regular security training programmes
Training will help recruit employees as part of the organisation’s defences, as user vigilance helps monitoring activity for phishing attacks. However, this is only effective if they know what to look for.
5. Perform regular penetration testing to identify weaknesses
It is essential that organisations understanding where vulnerabilities lie. Penetration testing allows security teams to gauge the security of the infrastructure, to find vulnerable environments and apply the appropriate measures to address these weaknesses.
Share