We’ve all seen the news: places we’ve trusted with our credit card information, such as Target, Neiman Marcus and Michael’s Crafts, have all suffered massive hits that included thousands, and sometimes millions, of compromised accounts. While these attacks are some of the biggest we’ve seen in history, they actually aren’t as surprising or as novel as we might think. As recently as last year, Visa was warning the public and merchants about security problems that might come to pass in early 2014, including attacks that involved “memory-scraping” malware. One alert was published in August and one in April. Both alerts describe how an attack would have to happen to be effective and how to prevent massive damage to data collected by POS devices.
Below is some of the advice that Visa gave to these big businesses, and while your business might not be as large as Target, it’s still important you consider the same security measures when dealing with a client’s private information.
Strong POS Passwords
It’s really easy to use the default password upon setup, simply because it’s short, easy to remember, and can be changed at a later time. Unfortunately, not everyone changes the default password at a later time. In addition, some passwords on POS systems have been the same for as long as the device has been set up, which makes it easy for hackers to guess and gain access. The first thing a professional thief is going to do is test the common default passwords.
Update Your Software Applications
When your machine says it needs an update, putting it off for more than just the transaction at hand is begging for trouble. Updates to a device often include important security fixes that are dangerous to skip.
Restrict Internet Use
Even if you’re using a common piece of equipment, such as an iPad, as a register and POS terminal, that doesn’t mean the device needs to have free rein of the Internet. This is so that cashiers or those who ring people out – including yourself – don’t accidentally expose any information that you’ve collected. If your device needs to communicate with the Internet to function, make sure your firewall blocks all traffic except the single connection the device needs.
No Remote Access
It can be tempting to enable remote access, simply because you can check all kinds of numbers throughout the day as people check out or purchase services from your company. However, once remote access is set up, it makes it much easier for a criminal to access a network since that connection is already set up. Ensure your firewall configuration enforces this restriction.
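The two firewall rules above (one permitted outbound connection, no remote access) can be checked against what the firewall actually allowed. The following is an added example, not part of the original article or Visa's alerts; the terminal address, processor endpoint, log format and list of remote-access ports are assumptions made for illustration, and the sample records are constructed.

```python
"""Audit constructed POS firewall records against two rules:
one allowed outbound destination, and no inbound remote access."""
import ipaddress

# Assumptions for this example (not from the article): the POS terminal's
# address and the single payment-processor endpoint it is allowed to reach.
POS_IP = ipaddress.ip_address("192.0.2.10")
ALLOWED_EGRESS = {(ipaddress.ip_address("198.51.100.20"), 443)}
# Well-known remote-access service ports.
REMOTE_ACCESS_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC"}

# Constructed sample records in an assumed format: "action src dst dst_port"
SAMPLE_LOG = """\
ALLOW 192.0.2.10 198.51.100.20 443
ALLOW 192.0.2.10 203.0.113.77 80
DENY 192.0.2.10 203.0.113.78 443
ALLOW 203.0.113.5 192.0.2.10 3389
ALLOW 192.0.2.10 198.51.100.20 8080
garbage line
"""

def audit(log_text):
    """Return (line_number, reason) for every allowed flow that breaks policy.
    Denied flows are skipped: that is the firewall doing its job."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        try:
            action, src, dst, port = line.split()
            src = ipaddress.ip_address(src)
            dst = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            # Wrong field count, bad address or bad port: surface it, never skip.
            findings.append((n, "unparseable record"))
            continue
        if action != "ALLOW":
            continue
        if src == POS_IP and (dst, port) not in ALLOWED_EGRESS:
            findings.append((n, f"egress to {dst}:{port} not on allowlist"))
        elif dst == POS_IP:
            svc = REMOTE_ACCESS_PORTS.get(port, "connection")
            findings.append((n, f"inbound {svc} to POS on port {port}"))
    return findings

if __name__ == "__main__":
    for n, reason in audit(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

Any finding means the firewall permitted something the policy says it should block, so the fix belongs in the firewall rules rather than in the script.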
While it can be difficult to predict every little thing that’s going to happen, or what hackers are going to exploit next in the name of stealing data, it’s easier than you might think to protect a lot of the data you collect as a small business by simply being aware of good protection practices. Never hesitate to consult an expert in your area if you need help setting up or maintaining a POS firewall or other security feature.