Follow these steps to stop dealing with disastrous security setbacks and start thinking more about the future.
Last month, hackers breached point-of-sale devices in Checkers and Rally’s restaurants across 20 states, gaining customer information dating back to 2015.
In theory, this occurrence should have deeply concerned customers and alerted CEOs to the dangers of lax security. It was a data disaster that could have easily been avoided with proper security measures in place. It also disappeared from the news cycle relatively quickly, failing to garner the same attention as the cyberattacks on Target and The Home Depot in 2013 and 2014. Regardless, POS-based attacks have become increasingly commonplace, and that’s cause for concern.
Many businesses fail to understand the role of POS in their larger IT ecosystem — and the opportunities and vulnerabilities these devices pose.
Security Should Be More Than Just an Afterthought
Part of the reason POS breaches continue to happen is that many businesses fail to make security an integral part of their organizations.
Security protocols can alert leaders to core issues before their impact surpasses reasonable containment. For instance, vulnerability management can uncover pain points in the product development cycle, such as overlooked testing and quality assurance issues. A robust security strategy, in many ways, signifies that a company takes innovation seriously.
Why POS Devices Are Such Easy Targets
But why are POS systems such popular points of entry among cybercriminals? Abundant credit card information and valuable data constantly pass through these devices. The same financial draw is the reason e-commerce transactions are such a popular target for attack.
Without a standardized patching schedule or an unencrypted connection to a store’s server, hackers can easily break into POS systems. Easy physical access to the devices also presents a challenge that regular office environments don’t have to contend with on such a large scale.
Even more worrisome are the various ways simple human error can help unauthorized individuals harvest valuable data. If a person steps away from a register without logging out or downloads an unapproved application, a hacker can be inside the system within minutes. It’s important to remember that as skilled with computers as hackers are, they’re also skilled at understanding how people operate, which makes social engineering a significant part of the threat as well.
How Professional Services Leaders Can Tighten Up Their Point-of-Sale Security
POS vulnerabilities aren’t as difficult to fix as they might seem. Here are a few ways to keep your devices secure:
- Set up access controls. Not every employee needs the same level of data access. Restrict who can see what based on their role in the organization. Business-critical information should only be available to those who truly need it. In addition, prohibit downloads to POS devices for anyone outside of IT, and make security and access protocols clear to everyone.
- Get software that can account for human error. Everybody makes mistakes. Thankfully, there’s software that’s prepared for any slips that could result in a major breach. Leverage solutions that will perform tasks, such as automatically logging employees out after a period of inactivity and stamping data with the name of the employee responsible for creating it. This way, you increase security and accountability organizationwide.
- Practice good device hygiene. Remove old IDs and passwords, keep track of whether devices are routinely serviced, and only retain customer data that’s absolutely necessary. In addition to these manual steps, you should also add applications that can assist you in cleaning up your device. Install an antivirus software and implement end-to-end encryption that secures information through all stages of transit, removing the weak point from POS to store server.
- Ensure payment card industry compliance. One of the best ways to ensure security is to follow established protocols. Have standardized data security across your card readers, networks, routers, servers, online shopping carts, and physical files. Also, secure all contact points with your POS devices and segment this data so that in the event of a security breach, only a small fraction of information is affected.
By following these simple steps and approaching security as an essential part of business, leaders can stop dealing with disastrous security setbacks and start thinking more about the future.