Data breaches, new ransomware, and other security threats seem to be in the headlines regularly. In fact, it’s been reported that POS attacks have increased 22% since 2015. Criminals are more organised and well-equipped than ever before. There’s no sign of things slowing down.
While it’s easy to believe that your business isn’t a target, the fact is, the tools criminals are using today don’t discriminate. They look for weaknesses and exploit them. If you do suffer a breach or loss of some sort, will you be able to weather the effects? Can you afford to pay potential fines from the credit card companies? Can you afford a damaged reputation and possible loss of business?
Rather than bury your head in the sand and assume your system is secure, ask your solution provider the following questions.
Am I running antivirus?
Windows-based POS systems are susceptible to malware if connected to the Internet and unprotected. Antivirus can protect the system from malicious programs that can be used to capture customer information, lock and encrypt your system, or worse.
What steps have you taken to secure my network?
Antivirus will help protect PCs and POS devices, but the overall network — your router and wireless access points — still needs consideration. Firewalls can be put in place to let you control what data comes into and goes out of your network. For example, if you don’t need Internet access on your POS machines, those ports can be shut down. As an extra precaution, intrusion detection and prevention systems can be used to alert you if suspicious traffic is coming into your network or leaving it, which is particularly useful if an employee installed malware that’s sending data outside the organization.
Your network can also be segmented to ensure that POS devices and other networked devices are kept separate. Since phone systems, digital signage, video surveillance, and many other systems now plug into our networks, it’s essential to keep their traffic separate from that of POS and payments. Additionally, if you offer guest Wi-Fi, extra precautions need to be taken to keep guests outside your business network.
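The separation described above can be checked against the traffic your network actually carries. The following is an added example, not part of the original article: a short Python audit that flags flows breaking the rules in this section (POS terminals reaching the Internet, guest Wi-Fi reaching the business network, other devices reaching POS). The subnets, the payment-processor address, and the flow record format are all assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the article).
SEGMENTS = {
    "pos": ipaddress.ip_network("10.10.10.0/24"),
    "devices": ipaddress.ip_network("10.10.20.0/24"),  # phones, signage, cameras
    "guest": ipaddress.ip_network("10.10.50.0/24"),
}
# Hypothetical payment-processor endpoint the POS segment is allowed to reach.
POS_ALLOWED = {(ipaddress.ip_address("203.0.113.10"), 443)}

def segment_of(ip):
    """Return the segment name for an address, or 'internet' if none match."""
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "internet"

def audit_flows(lines):
    """Return (flow, reason) for every flow that breaks the segmentation policy."""
    findings = []
    for line in lines:
        src_s, dst_s, port_s = line.split()
        src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
        s, d = segment_of(src), segment_of(dst)
        if s == d:
            continue  # traffic that stays inside one segment is out of scope
        if s == "pos" and d == "internet":
            if (dst, int(port_s)) not in POS_ALLOWED:
                findings.append((line, "pos-unexpected-egress"))
        elif s == "guest" and d != "internet":
            findings.append((line, "guest-reached-business-network"))
        elif "pos" in (s, d):
            findings.append((line, "cross-segment-pos-traffic"))
    return findings

# Constructed sample flow records in the form "src dst dst_port".
SAMPLE_FLOWS = [
    "10.10.10.21 203.0.113.10 443",    # POS to processor: allowed
    "10.10.10.21 198.51.100.77 8080",  # POS to an unknown Internet host
    "10.10.50.14 10.10.10.21 445",     # guest Wi-Fi client to a POS terminal
    "10.10.20.5 10.10.10.22 3389",     # signage/camera segment to POS
    "10.10.50.14 192.0.2.80 443",      # guest browsing the Internet: fine
    "10.10.20.5 10.10.20.9 554",       # camera traffic inside its own segment
]

if __name__ == "__main__":
    for flow, reason in audit_flows(SAMPLE_FLOWS):
        print(f"{reason}: {flow}")
```

Any finding means a firewall rule or VLAN boundary is not doing what the design intended and is worth raising with your provider.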
Are the latest software patches installed?
A recent investigation into more than 400 breaches shows that improper setup and maintenance was a principal cause. Your initial installation might have been 100% secure, but without patches, updates, and routine maintenance, you might be vulnerable.
How strong is my password policy?
There’s no denying that passwords can be annoying, especially if you follow the rules. Unfortunately, the best practices set forth by the PCI Security Standards Council exist for a reason — they work. Also, it’s been shown that the majority of breaches happen due to poor password policies. According to the 2017 Verizon Data Breach Investigations Report, 81% of hacking-related breaches involved either stolen or weak passwords. Make sure you’re using strong passwords and changing them regularly. This simple step can have a profound impact on your security.
By asking your POS vendors these questions, and filling any security gaps that currently exist, you can significantly reduce your risk of a breach, loss, and costly fines. Don’t delay; have the conversation now.