Keeping Your POS System Data Safe
by Tamara Haslam – Head of Sales, AURES UK
It's no secret that cyber attacks are on the rise. With more and more private companies, not to mention high profile public sector bodies being targeted by hacker groups, one might start to think that such attacks are inevitable and unpreventable. Malware specifically created to target POS systems is now a real threat.
While the risk of cybercrime is now a fact of life, you don’t have to accept falling victim to an attack as inevitable. By prioritizing data security in your business, you can take steps to counter the hackers. Securing your POS hardware is on the front line of such efforts.
What Are the Risks?
Cyber attacks aimed at your POS pose a variety of threats to your business, from having customers’ data and financial details stolen, to your systems being taken over and frozen. Here is what to watch out for.
The risk is growing, with ransomware attacks increasing in frequency by 300% over the past couple of years, globally. Ransomware encrypts the files or operating systems on a business’ IT network and renders them inaccessible until a requested amount of money is paid to unlock them.
Viruses and trojans
These types of malware infect your computer with the intention of disabling or damaging them. Unlike ransomware, the intent of some viruses isn't always monetary gain, but just to cause widespread disruption. Others will sit hidden undetected on your systems, monitoring what you do and stealing data quietly. Viruses and trojans targeting POS systems are often designed specifically to steal financial details.
Having appropriate antivirus software running on your systems at all times, and making sure your keep them up to date, will help reduce the risk of infection.
Sometimes cyber criminals don't rely on software to passively attack your systems, but directly attempt to infiltrate them and steal your information. While security patches are constantly trying to block access points for hackers, it's a game of cat and mouse and a new vulnerability seems to become available with each one that gets fixed.
The main risk to businesses from hackers is that they will get into your company and customer databases and steal everything from banking details to personal information which can be used for identity theft and fraud.
What action can you take?
Your POS equipment processes and stores large volumes of data which are highly attractive to hackers and cyber criminals. Whether they aim to steal money directly or commit fraud using a false identity, a modern retail POS solution provides ample opportunities. The key for businesses is to prioritize data security throughout their operations, taking action in a number of areas to shore up potential vulnerabilities.
Major software companies like Microsoft release regular security updates to fix areas that may have inadvertently been left vulnerable to hackers, or in response to emerging threats from new viruses. The same applies to anti-malware software. Keeping your systems up to date is essential if you want to reduce risks.
Back up your data regularly
While preventing attacks is great, nothing is foolproof and you should always plan for the worst by creating regular backups of your company's data. The key word here is "regularly" as only performing a backup every few months means all the data in between is at risk of being lost.
Secure your network
Modern POS systems rely on broadband connectivity, and businesses increasingly use WiFi for convenience - no wires, the benefit of mobility so you can move touchscreens around and take card machines to the customer etc. But WiFi also creates security vulnerabilities. Something as simple as never changing your passkey can give hackers easy access straight into your network, able to view or steal all the transaction data that gets transmitted through it. It also means that if one device in your system gets infected with malware, it can quickly spread throughout.
Having robust firewalls and firmware at every node in your POS terminal, and especially at external gateways like WiFi and broadband routers, is absolutely essential.
When your business is closed, your POS machines should be kept under lock and key if at all possible. As a bare minimum, they should be powered off or disconnected from the internet unless they absolutely need to be updated or transfer information overnight.
If you do have a break in and someone manages to steal a POS terminal, make sure it is properly secured with password protections and encryption.
To be extra safe, never secure data locally on any device or machine. This is what criminals are looking for if they steal a POS terminal, unless they aim to sell the hardware. Using cloud-based data storage means your data is always kept securely off site, with the added advantage that hosted data storage providers will offer the very latest anti-malware, encryption and physical security protocols as part of the service.
Consult the experts
AURES provides a variety of value-added services to help keep your POS systems safe and fully operational. Contact us today to see how we can help your business.