By Professor John Bryson
Department of Strategy and International Business, University of Birmingham
There is another, darker side to Christmas though, as this can also be a time for cyber attacks on companies and individuals.
Christmas is a special time of the year. For the retail and hospitality industries this is a critical period, with UK consumers expected to spend £21 billion on presents and celebrations. It is estimated that expenditure will be 12% more than last year. There are many sides to Christmas. This is a religious festival and a time when families and friends come together, but it is also a major commercial event. There is another, darker side to Christmas though, as this can also be a time for cyber attacks on companies and individuals.
On Sunday 5 December 2021, over 300 Spar convenience stories across England were forced to shut in response to a cyberattack. This attack was targeted at James Hall & Company, Preston, which is the company responsible for operating Spar’s IT systems and tills. Shops were unable to process card payments and those that remained open could only take cash.
The Spar example highlights the importance of continually testing IT systems to identify potential weaknesses that could be exploited by hackers. It also highlights the importance of staff training and ensuring that all employees are cyber aware and that software is up to date. Cyber awareness includes checking links before clicking on them and email addresses, as well as applying common sense. The best approach to adopt is one based on suspicion.
For many individual consumers, Christmas is now a time for online shopping and for the Christmas sales. Here, it is important to update devices and apps and use strong passwords. It is also important to change your passwords regularly. The approach to adopt includes checking the security credentials of e-commerce sites, avoid clicking on social media links that take you to a website to buy something, and to assume that if it appears to be an exceptional deal, or that it feels wrong, then to be very cautious. A key avoidance tactic is to adopt two-factor authentication (2FA) as this helps to prevent hackers from accessing your accounts, even if they have managed to obtain your password.
One of the most worrying consumer trends of 2021 has been the apparent increase in the spiking of drinks and needle spiking. There is another danger linked to spiking, as the recent case of Ben Gregory seems to reveal that fraudsters are spiking drinks to steal money. Gregory woke up late the next morning after a night out without his phone and wallet, and having no memory of events. It turned out that over a couple of hours many financial transactions had been undertaken using his phone and cards. Money was transferred from savings to current accounts and then withdrawn, and over £18,000 had been stolen.
This example of fraud linked to spiking might be unusual, but it highlights the ever-increasing role that smartphones play in managing personal finance. Thus, it is important that all smartphones are password or pattern protected. It is essential to have updated software and to avoid using public or open Wi-Fi provided at shopping centres, cafes, airports, or other public venues. Keeping your phone locked and using 2FA on transactions are important avoidance techniques. However, for a case of spiking, fingerprint scanning and even Face ID might not provide sufficient protection.
The key message is that cyber awareness is all about being prepared, aware and alert. Thus, a cyber-secure Christmas requires companies and individuals to be aware of the possible dangers and to take simple avoidance strategies.
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of the University of Birmingham.