‘Tis the season.

Cybercrimes always increase during the holidays, but this year could reach new threat levels. With COVID-19 (and as confirmed by the decreased Black Friday foot traffic versus the increased Cyber Monday sales), Americans are expected to do most of their holiday shopping online this year.  In response to this development, the Cybersecurity and Infrastructure Security Agency (“CISA”) issued an alert before Thanksgiving urging all consumers to be on alert for holiday cyber threats (which, along with online scams, historically spike during the holiday season).

Acting CISA Director Brandon Wales stated that “Americans are adjusting their travel and shopping habits for a holiday season that’s sure to be unlike anything we have experienced,” said. “Hackers, scammers and thieves will take advantage of these changes and the generosity of the public during the holidays to target online shoppers and those giving to charities.”

CISA advises consumers take three precautionary measures when online shopping this holiday season:

  • Check devices: Consumers should ensure devices are up-to-date and all of accounts have strong passwords. If consumers purchase an internet connected device or toy, they should change the default password and check the device’s privacy and security settings to avoid sharing information unknowingly.
  • Shop through trusted retailers: Before consumers make a purchase, they should make sure they are using reputable, established vendors (and likewise for charitable donations, to ensure donations are directed to legitimate organizations).
  • Use “safe” methods for purchases: If possible, consumers are advised to a credit card or other forms of digital payments as opposed to a debit card (credit cards often have better fraud protections).

While the CISA targeted its advisory at consumers, companies should make a list and check it twice too—it’d be a good time to remind employees about anti-phishing best practices, shore up company cybersecurity measures, and review and rehearse your incident response plan. Taking these steps now could prevent data breaches and potential litigation down the road, and help you and your company keep the holiday spirit.