GFI's David Vella offered these as the top five proactive steps you should take:
Educate Your Employees: This, along with regularly updated anti-malware technology, is the most important step you can take. Make sure your employees understand the nature of the online threat environment -- and make equally sure they understand your position on shopping (and surfing in general) at work.
Monitor: Know what your employees are doing online, what they're downloading, where their spending their online time.
Put A Policy In Place: This one can't be over-emphasized. Your security policy, Vella argues, should be clear, thorough, uncomplicated and regularly updated.
Limit access: Provide Internet access only to those who need it. Period.
Invest In Technology: Vella points out that security expenditures are simply part of the cost of doing business today (particularly when your employees are doing their business as well as yours online.
As noted, good, solid, basic advice, admittedly from a company that's in the security business, but no less worthwhile for that.
While it's getting late to implement some of these steps -- most of which, frankly, you should already have in-place -- it's not too late at all to do some hard thinking about what you will and what you won't allow your employees to do on Cyber Monday, and to make those expectations clear and clearly communicated before they go home for Thanksgiving.