Point of sale security is one of the most critical points of a business's overall cyberdefense plan. No amount of extra security staff or technology can prevent a cybercriminal from attempting to breach a point of sale system for the treasure trove of customer data that it holds, but with a few simple steps, retailers can make it much harder on hackers.
Recent major data breaches at global retailers like The Home Depot, Target and Subway all came via vulnerabilities stemming from their point of sale systems. In today's era of constant security threats, focusing on the point of sale can save a retailer from the potentially disastrous financial consequences of a breach. With that in mind, here are just a few things a business can do to make its systems more secure and less of an inviting target for cybercriminals.
Lock down your network
The most important first step is to gain control over your network. According to Internet security company Symantec, criminals usually initiate a point of sale attack by installing a malware program that retrieves and stores the information from cards swiped at terminals. To get access, thieves exploit weak passwords or gaps in the corporate network firewall system. As most point of sale terminals are not connected to the Internet directly, cybercriminals must first gain access to the network. But once they are in, they often meet minimal resistance. Techspective said that many point of sale vendors use default passwords when they install a system in order to simplify the process, but if those passwords are not rotated, they can provide an easy way in for hackers. Be certain to regularly change and update all passwords associated with a point of sale system and ensure that employees are using strong, regularly updated passwords as well.
Check your vendors
Make sure that outside vendors are also in compliance with your security standards. They should be using strong passwords and be vigilant about guarding them. Techspective reported that the Target breach in 2013, which compromised over 110 million cards, began with the hacked credentials of a refrigerator vendor who worked with Target. Anyone who has access to the corporate network should be following rigorous security protocols. A lax vendor can provide an easy way in for hackers.
Isolate the point of sale
As point of sale systems are rarely connected to the Internet, hackers must gain access via a company's corporate network. E-Security Planet recommends isolating the point of sale system from other parts of your network by deploying firewalls and antivirus software. Cybercriminals follow the path of least resistance into a system, and deploying a second layer of internal security can frustrate attackers.
It is also critical that a company keep its point of sale software up to date. According to Techspective, point of sale vendors spend a great deal of time updating and patching their software to make sure that it is secure against the latest types of cyberattacks. That defense can be invaluable in stopping hackers, but it won't make much difference if the point of sale system is not up to date. The malware attack on The Home Depot was successful because the home improvement giant failed to keep its system up to date, according to E-Security Planet.
Hackers and cybercriminals are always looking for new ways to attack point of sale systems, so retailers must remain vigilant and ready for anything. Thankfully, using these simple steps can go a long way toward keeping a company's system, and its customers' data, safe and secure.