Cybercriminals targeting POS systems is not new and magnetic-stripe payment card systems are gradually starting to disappear however risks are high and lawsuits are being filed.
Recently, a Pennsylvania credit union has issued a lawsuit to sue Wendy’s for inadequate security measures and policies that has allegedly allowed hackers steal credit card and debit card information. The lawsuit states that fraudulent purchases on credit cards and debit cards occurred after breaching Wendy‘s computer network system. Cybercriminals are increasing their attacks on point-of-sale systems (POS) systems that are still using magnetic-stripe card systems. These are allegations against Wendy’s and must be proven in court but the important thing to notice is that they are being brought in court to defend their corporate IT security policies and procedures.
According to Symantec, millions of identities can be exposed in a single attack. This is all tied to cyber criminals intensifying their sophisticated cyber-attacks. The retail industry has been liable for the largest number of identities exposed in 2014, accounting for almost 60 percent of all identities reported exposed. That is an increase of 30 percent from 2013. Also in 2013, 17.8 percent of data breaches contained financial information and it jumped 35 percent in 2014. The majority of breaches were due to unprotected point-of-sale systems (PoS) systems.
What are five ways to protect your point-of-sale systems (PoS) systems, business and reputation?
- Always maintain an up-to-date POS software – Like your core network IT infrastructure, your POS software needs proactive updates and management including security patches and updates that will not leave your POS system vulnerable to malware and other cyber-attacks that could put your data and business at risk.
- Always maintain an active Firewall with Security Services – This should be standard practice as all networks including your POS systems are at constant risk of compromise due to hackers, malware, viruses, and spyware. By using an active firewall with security services, you will be protecting your business as well as putting a first layer of defense with security services that including anti-virus, anti-spyware, intrusion prevention, and content filtering.
- Always use strong passwords – A POS system is no different than your core network. Never keep the default passwords upon initial setup. Always use complex, computer-generated (if possible) passwords and unique account names as well as changing your passwords on a regular basis.
- Always control Internet Access from the POS – If possible, you should restrict the POS systems from accessing the network as it will allow you to protect your business from exposure and potential security threats. A POS system should only be connected to the internet if absolutely necessary for activities. If allowed, it should not be used for any general Internet usage and always in a controlled environment for example a white list of websites allowed.
- Always Control Remote Access – As a managed IT services provider, we service our clients using remote access tools however if not using enterprise class remote monitoring and management (RMM) tools, it may give cyber-criminals ways to exploit your POS systems to access data on your network. Do not use free or consumer grade tools as they have less security measures to protect your business.
Every business knows that nothing 100% but there five things can help reduce the risk of a cyber-attack as well as avoiding a potential lawsuit for not having the right IT security policies and procedures in place. Even thou you have a trusted IT department or managed IT services provider providing proactive network management and maintenance, every company should educate employees about proper use of the company IT infrastructure as well as the POS systems to increase security and protect the business.
Cybercriminals Targeting POS the same way they targets networks. Speak to your trusted IT consultant or IT department and avoid these issues.
365 iT SOLUTIONS is Toronto’s leading IT consulting firm delivering Managed IT Services, IT Support Services, IT Outsourcing Services, Tech Support Services and Cloud Services. backed up by our Complimentary Network Assessment.