Back to blog
Home
Blogs
Tis The Season For Online Shopping Scams

Tis The Season For Online Shopping Scams

On this page:
Heading

E-commerce is booming, people have more access to the internet than ever these days and retailers have realized that traditional brick and mortar stores now come second to online storefronts in most people’s mind. Therefore, a high percentage of the workforce will spend their time, if not most of their workday, shopping online on Black Friday and Cyber Monday to take advantage of holiday sales.

Cyber Monday has become the official day for online retailers. While many employees shop online on their company’s network, most are unaware of cyber-attacks and may fall victim to email phishing campaigns, ransomware attacks, banking trojans, as well as the emergence of fraudulent websites that promote special deals like holiday discounted packages.

The fact that unsuspecting customers have a limited window during the workday to complete their online transactions makes it more appealing for hackers to pursue innovative methods that redirect their potential victims to an untrusted site or allow downloads of a file to their company-owned computers. This holiday season, over 50-million cyber-attacks will occur against a company’s network on a simple fact that most employees are not fully aware of their current workplace policy for online shopping, that’s only if a policy does exist.

Fortunately, here are some proactive tips that should be considered by both the end user and employer this holiday season.

For the End-User
  • Never use the same username, password combination as your company login credentials
  • Do not trust public Wi-Fi hotspots, especially one that doesn’t require a password to connect when making online purchases
  • Do not open emails, click on links, and open attachments from unfamiliar sources
  • Be sure to download legitimate applications from known and trusted sources to your devices
  • Remember to lock your workstations when it is not in use. Passwords can be stolen from a running computer
  • Remember to log out of your online banking and social media accounts.
  • Be wary of unsolicited emails that promise exciting offers and avoid opening attachments from an unknown sender
  • Look out for the green padlock icon on your browser to confirm the legitimacy of a website.
For the Company

The IT, Network/Security and Server Application teams should always reference the “what if” scenario phrase against their current internal processes and/or procedures.

What if - an employee’s hardware were to infect the company’s network? What cyber incident response plan does the company have in place to combat the threat?

  • Anti-Malware: Ensure the latest software have been updated to all user end devices and or any application platforms. They’re the first and last line of defense should any unwanted attack were to compromise your network.

What if - there’s a security breach and company data is compromised by some a form of ransomware? This question pertains to both server applications as well as the end user's laptop.

  • The general rule of thumb for backups: Servers should have a complete daily backup process in place to ensure a snapshot of the network in the event an application has been compromised due to an internal threat.
  • The current mindset of storing pivotal information related to a company’s revenue portfolio, technical documentation, customer related information, etc. should not be stored or saved on personnel laptops - this is so 1990’s. Welcome to the 21st century where data can be stored and secured in a cloud type environment.  Cloud companies already have Disaster Recovery measures, security compliance, and backup procedures in place to ensure the integrity of a company’s data.
  • Always consider what sensitive personal data you maintain or need to maintain and how to safeguard it!

What if - there is a data breach? Are we using current monitoring tools correctly to be more proactive than reactive?

Many IT, Network and Service/Application teams work in silos -- by the time they can react it’s already too late. With the lack of internal collaboration, communication or structured policies in place, every department will have their own budget, which translates to multiple monitoring systems. Point taken that there isn’t just one tool in the marketplace that can do it all. The key is to ensure that all monitoring tool(s) available to an organization is properly configured to report or alert on the following:

  • Deviated traffic patterns or behaviors: Be sure to have a FULL understanding of what is “normal” behavior for any given time of day and the week. Alerts based on standard deviation from baseline performance should notify you when exception conditions occur.
  • Key Performance Indicators (KPI): Clear visualizations that compare the typical performance of your infrastructure to real-time metrics. It’s easy to miss subtle changes in behavior when you rely on alerts based on predetermined, static thresholds only. These subtle changes often foreshadow a potential service disruption, if detected.
  • What if there is a data breach - who gets that first call? Who is the designated incident response point person? This person should identify the points of contacts to call within the first five minutes of a cyber incident. Be sure to have the guidance of experienced external counsel if you are not properly trained to handle a data breach situation.
  • Do you have a data breach response plan? If you are an in-house counsel to a company that does not have a written data breach response plan, make it a part of your company’s 2019 goals to have a response plan in place. You don’t want to face a data breach without having a plan that outlines the internal/external communications with your response teams. Companies should have a formal Governance team that requires quarterly discussions with internal IT departments to review these types of scenarios to ensure proper orchestrations of actions and a cadence of communication.
About SDI Guest Blogger

Manny Pintado has over 20 years of relevant technology experience within the IT, Network and System Applications, Operations, Satellite and Telecommunications industries for leading global organizations. Proven abilities in strategic planning, managing projects, improving the efficiency of operations, team building and detailing project information to determine effective functions for operations.

Read more

Latest Insights from SDI

Discover more insights

Stay connected with SDI Presence.

Receive our latest resources, press releases, and stay up-to-date on the latest news.
Blogs
May 19, 2026
From AI to Agentic AI: The Essential AI Glossary
Blogs
May 16, 2026
From AI Chaos to Enterprise Control: SDI’s Top Takeaways from Knowledge 2026
News
May 16, 2026
Xchange Marks Apprentice Week with Enterprise IT Projects for Peoples Gas and Northern Trust
News
May 15, 2026
SDI Presence Announces Technology Apprenticeship Partnership with Technology Association of Georgia’s TAG Education Collaborative
Blogs
April 29, 2026
Why Data & CMDB Readiness Is Critical for AI
Blogs
April 28, 2026
From Data Chaos to Clarity: Solving the Public Sector Data Problem for AI Success
Blogs
April 14, 2026
Top Takeaways from ACI's Airports@Work 2026: Navigating Complexity in Mission-Critical Operations
Blogs
April 1, 2026
The Future of Maintenance: Integrating Preventive and Predictive EAM in 2026 
News
March 31, 2026
SDI Presence Appoints LaDarius Jackson as Vice President of ServiceNow Delivery
Blogs
March 24, 2026
From Data Lake to Data Swamp: Why Bad Data Poisons Every Decision 
News
March 18, 2026
SDI Presence Joins Western Regional Innovation & Technology Alliance (WRITA)
Blogs
March 3, 2026
Running ServiceNow Where Failure Isn’t an Option
News
February 3, 2026
SDI Presence names George J. Sperekas II Account Executive for Illinois SLED market 
Blogs
February 3, 2026
Escaping the IT Upside Down: How to Stop Tech Chaos Before It Takes Over
Blogs
February 3, 2026
ServiceNow SKO 2026 Takeaways: Delivering Ambition at AI Speed 
Discover more insights

Ready to transform your IT operations?

Contact to learn how our IT Managed Services can benefit your organization
Work With Us
Footer Background Image
Stay Connected with SDI.

We'd love to hear from you! Please fill out the form and we'll get back to you as soon as possible.


Thanks for submitting the form.
Services
IT Managed Services
Advisory & Consulting
ServiceNow
Enterprise Data & AI
Enterprise Asset Management
Public Safety
Xchange
Industries
Government
Utilities
Aviation
Transportation
Public Safety
Commercial Real Estate
Banking, Financial Services 

& Insurance
Manufacturing
About SDI
About Us
Locations
Leadership
History
Careers
Diverse Partnerships
Resources
Blogs
News
Videos
White Papers
Case Studies
X - TWITTER
INSTAGRAM
LINKEDIN
FACEBOOK
© 2026 SDI All rights reserved
Terms of Service
Privacy Policy
Website by Foursets with love