Are there any weaknesses in your Point-of-Sale System?
September 06, 2016
News about a company being breached seems to be a regular occurrence nowadays. And it’s no wonder, with hackers getting more sophisticated and hungry for more.
Plus, with all of the pressures business owners and company leaders have on their plates, it can be tough to tackle everything well with their own resources, including network security.
The best way to start to fight back is by asking yourself, and other stakeholders:
Are there any weaknesses in your point-of-sale (POS) systems?
Hackers want payment card data and they know just how to get it. According to a Verizon report:
The top industries impacted by POS malware in 2015 were food services and retail, making POS intrusions account for 64% of all data breaches.
As we keep seeing on the news, the latest data breaches continue to show that point-of-sale systems are a reliable source for hackers to steal payment card data.
What is malware and how do hackers use it?
Malware is short for malicious software. It’s specifically designed to gain access to or damage systems without the knowledge of the owner.
POS malware is typically installed by hacking into any one of the remote administration tools. After such tools have been hacked, the malware is loaded onto the POS systems and begins to capture the data of each payment card swiped.
By the time this infiltration is discovered, the damage is usually done and hackers have obtained everything they needed.
Whether you have your own business or your business is part of a well-known corporation, if you accept payment card transactions, you are at risk of having that data stolen by hackers.
It is your responsibility to take the necessary steps to protect your customers’ data and the reputation of the brand you represent.
Help prevent malware and hacker threats, while protecting your brand.
One thing you can do rather quickly and easily is deploy a managed firewall, which will help monitor payment card processing activity to ensure that such data is not bypassing the firewall. This first step is key to having control over outbound network traffic and preventing payment data from being sent to suspect sites and countries.
Not every managed firewall provider can detect when credit card data is no longer traversing the firewall. Hence, on top of deploying a managed firewall, you must also be aware of the features that come with it.
For example, take a look at the unique managed firewall features offered at Netsurion.
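The outbound-traffic control described above can be checked against firewall logs. The following Python script is an added example, not Netsurion's code; the log format, POS subnet, processor allowlist and terminal list are constructed assumptions. It flags POS-segment connections to destinations other than the payment processor, and lists terminals whose processor traffic never appears at the firewall.

```python
import ipaddress

# Constructed values for illustration (assumptions, documentation IP ranges).
POS_SUBNET = ipaddress.ip_network("10.20.0.0/24")
PROCESSOR_ALLOWLIST = {(ipaddress.ip_network("203.0.113.0/28"), 443)}
KNOWN_TERMINALS = {"10.20.0.11", "10.20.0.12", "10.20.0.13"}

# Constructed firewall log: timestamp,src_ip,dst_ip,dst_port,action
SAMPLE_LOG = """\
2016-09-06T10:00:01,10.20.0.11,203.0.113.5,443,ALLOW
2016-09-06T10:00:04,10.20.0.12,203.0.113.5,443,ALLOW
2016-09-06T10:02:17,10.20.0.12,198.51.100.77,8080,ALLOW
2016-09-06T10:02:40,10.20.0.11,198.51.100.77,8080,DENY
2016-09-06T10:03:02,192.168.1.40,198.51.100.9,80,ALLOW
"""

def is_processor(dst_ip, port):
    """True if the destination is an allowlisted payment processor endpoint."""
    return any(dst_ip in net and port == p for net, p in PROCESSOR_ALLOWLIST)

def audit_egress(log_text):
    """Return (unexpected_flows, silent_terminals) for the POS segment."""
    unexpected, seen_paying = [], set()
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, port, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # unparseable address or port
        if src_ip not in POS_SUBNET:
            continue  # only the POS segment is in scope
        if not is_processor(dst_ip, port):
            # ALLOW = rule gap to close; DENY = blocked attempt to investigate
            unexpected.append((ts, src, dst, port, action))
        elif action == "ALLOW":
            seen_paying.add(src)
    # Terminals with no processor traffic in the log may be bypassing the firewall.
    silent = sorted(KNOWN_TERMINALS - seen_paying)
    return unexpected, silent

if __name__ == "__main__":
    flows, silent = audit_egress(SAMPLE_LOG)
    print("unexpected POS egress:", flows)
    print("terminals with no processor traffic via firewall:", silent)
```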
Here are 3 tips you can follow to avoid becoming the next victim of a POS malware attack:
1. Conduct Internal and External Vulnerability Scans
Internal scans will search for any possible vulnerabilities inside your network, while external scans will search for vulnerabilities that could be used in a data breach. Both are extremely important to detect any unknown or criminal activity.
2. Segment Your Network
It is important to separate your POS system from public data and systems. Properly configured network segmentation prevents hackers from accessing the POS environment and all of its sensitive payment data.
3. Use Two-Factor Authentication
Most retailers use a third-party provider to run their POS systems. If so, employees and vendors are able to access the network for multiple purposes. That’s okay.
The problem is when one of the vendors or employees uses a weak password. When a password is compromised, hackers are able to use this third-party provider to access the POS system.
Make sure you and your vendor are both using two-factor authentication.
So what is two-factor authentication?
The first factor is what most people are familiar with: a username and password.
The second factor in most cases is a random set of numbers and/or letters that is sent to the user’s cell phone or email. Hence, if the hacker does not have access to that email or cell phone, accessing the network will be much more difficult.
Although all of this may sound like a hassle, it is necessary to avoid losing thousands and even millions of dollars on data breach fees and, worst of all, damaging your brand reputation.
Netsurion can take the hassle out of prevention measures with a full-service suite of offerings tailored to your cyber security needs, including PCI compliance regulations.
For more than 25 years we have been helping brands and businesses of all sizes manage and secure their networks. Whether you have one POS terminal, or 1000 locations with multiple POS terminals in each, Netsurion can help guard you from a breach, ensure your continued compliance, and ultimately protect your brand and pocketbook.
Let us help make this simple for you.
Learn more about how Netsurion can help your business by scheduling a free consultation. You can also learn more about our Security Adoption solution designed to protect global brands managing thousands of locations and get a free personalized plan by going to www.netsurion.com/security-adoption.