The holiday season is around the corner once again, and it's just as important as ever for retailers and customers to remain vigilant against holiday cyberattacks. The hustle and bustle of the period — from Black Friday to Christmas — is a great time for cybercriminals to target businesses as purchases and foot traffic increase. To protect their stores and businesses from being taken advantage of, here are several actions retailers should seek to implement before this year’s holiday season:
1. Train your staff.
One of the most important things retailers can do to protect themselves from cybercrime during the busy holiday season, and throughout the year, is to train employees to recognize scams and other malicious activity. While it might seem that office staff working behind desks are the main targets for cybercrime, in-store retail staff should also be included in all cyber training. Some ways to provide training include creating bite-sized visual security tips that are easy to reference behind the register or in the breakroom, or implementing a “Security Champion” program for each store or shift, allowing conscientious employees to act as role models for the rest.
The most effective training occurs frequently throughout the year, but it's particularly important prior to the holiday season. In October, for example, employees should be given a refresher course on what to look out for during the holiday period, and they should always be kept abreast of current common scams.
2. Have a system.
Part of employee training includes the implementation of protocols for what should be done when malicious activity is suspected. There should be a simple, accessible system for staff to report security concerns and a method for encouraging employee participation. If an employee makes a mistake and clicks on a phishing link, for example, it's important that businesses maintain a “no blame” culture. This way, the employee in question will still feel free to report the issue promptly, without fear of being fired. This will also encourage all employees to look out for the best interests of the store or company.
3. Check and audit.
In addition to having employees on the lookout for holiday scams, it's necessary that retailers implement regular checks and audits of systems to ensure that everything is up-to-date. In particular, credit card payment machines should be regularly checked for signs of tampering. Access control measures — door codes and keys to warehouses, storerooms and the stores themselves — must also be kept properly updated at all times. This is especially important if a business employs temporary staff over the holiday period.
4. Verify authenticity.
Likewise, staff should regularly check that all in-store QR codes are legitimate. If they're not, they should be reported immediately through the reporting protocol described above. It is entirely possible for bad actors to enter a store and replace store QR codes with convincing-looking dupes that deliver a malicious payload when scanned.
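Staff can only spot a swapped QR code if they know what a legitimate one points to. The following script is an added example, not code from the article or from KnowBe4; it shows the checks an IT or loss-prevention team could run over the text decoded from in-store QR codes, assuming a constructed allowlist of the retailer's own hostnames (`example-retail.com` is a placeholder).

```python
from urllib.parse import urlsplit

# Constructed allowlist for a hypothetical retailer; a real store substitutes its own hostnames.
ALLOWED_HOSTS = {"shop.example-retail.com", "www.example-retail.com"}
# URL shorteners hide the true destination, so store-issued signage should never use one.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}


def check_qr_target(payload: str, allowed_hosts=ALLOWED_HOSTS):
    """Classify the text decoded from a QR code as ('ok', host) or ('suspicious', reason)."""
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # javascript:, data:, tel:, bare text, etc. are not what store signage should carry.
        return "suspicious", f"unexpected scheme '{scheme or 'none'}'"
    if scheme == "http":
        return "suspicious", "plain http (no TLS)"
    if parts.username is not None:
        # https://shop.example-retail.com@evil.test/ shows the brand but lands elsewhere.
        return "suspicious", "credentials in URL"
    host = (parts.hostname or "").lower()
    if host in SHORTENER_HOSTS:
        return "suspicious", f"URL shortener {host}"
    if host in allowed_hosts:
        return "ok", host
    # Lookalike check: the brand label appears inside an unrelated domain.
    # Simplified (no public-suffix list); good enough for a triage pass.
    for good in allowed_hosts:
        brand = good.split(".")[-2]  # e.g. 'example-retail'
        if brand in host:
            return "suspicious", f"lookalike of {good}: {host}"
    return "suspicious", f"host {host} not on allowlist"


if __name__ == "__main__":
    # Constructed sample payloads, as a scanner app might decode them from store signage.
    samples = [
        "https://shop.example-retail.com/menu",
        "http://shop.example-retail.com/menu",
        "https://bit.ly/3xyzABC",
        "https://shop.example-retail.com@evil.test/",
        "https://example-retail.com.verify-login.test/pay",
        "javascript:alert(1)",
    ]
    for s in samples:
        verdict, reason = check_qr_target(s)
        print(f"{verdict:10} {reason:45} {s}")
```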
Coupons and vouchers are also a common way for cybercriminals to try to defraud a store. To prevent this, retailers should provide a quick verification guide so in-store employees can check coupons and vouchers for legitimacy, and there should be a defined verification process for suspicious-looking offers.
Holidays 2025
Every year cybercriminals come up with new and trickier methods to take advantage of the holiday shopping season. Fortunately, by remaining aware of common scams and by encouraging the participation of all employees, retailers can protect themselves during this busy, scam-heavy period.
Erich Kron is a security awareness advocate at KnowBe4, the world’s first and largest new-school security awareness training and simulated phishing platform, which helps organizations manage the ongoing problem of social engineering.
Erich Kron is a Security Awareness Advocate at KnowBe4. He is a veteran information security professional with over 25 years of experience in the medical, aerospace manufacturing and defense fields, author and regular contributor to cybersecurity industry publications. He is the former security manager for the US Army's 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, SACP and many other certifications.