The Target and Neiman Marcus (and now Michaels) data breaches generated a lot of concern for retail businesses. The data breaches were caused by memory-scraping malware that’s designed to steal customer names, credit card numbers, and other personal information.
What you should do to prevent these attacks:
Upgrade outdated software to prevent infection from malware or cyber-attacks.
- Always run the most recent version of your operating system and applications.
- Make sure updates, upgrades, and POS software are compliant with PCI DSS (Payment Card Industry Data Security Standard) requirements.
- Implement point-to-point encryption on POS systems.
- Make sure payment applications aren’t configured in a troubleshooting or debug mode.
Conduct ongoing security awareness training for employees and implement the following strategies:
- Isolate the payment network from your business network to keep customer data separate from corporate data.
- Limit access to network equipment, data storage, and customer data.
- Deploy anti-virus software on a regular basis.
- Create a policy for application use to prevent malware installation and unapproved programs.
- Audit the security of your systems on a regular basis.
- Limit administrative privileges to ensure systems, applications, or services are accessed by only trustworthy individuals.
Protect your computers’ network ports or endpoints of communication with firewalls.
- Use a network firewall that offers intrusion prevention and deep-packet inspection.
- Configure your network firewall to ensure that unknown services and IP addresses are blocked.
- Only allow essential traffic to enter your network, such as Internet and email, and block other ports.
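One way to check the firewall guidance above, together with the earlier advice to isolate the payment network, is to replay the traffic you expect to be allowed or blocked against the ruleset. The following Python code is an added example, not part of the original article; the rule format, all addresses, and the `parse_rules`, `decide` and `audit` names are constructed assumptions.

```python
import ipaddress

# Constructed ruleset (assumption): first match wins. Fields are
# action, source network, destination network, destination port.
SAMPLE_RULES = """\
allow 10.10.0.0/24 10.20.0.0/24 3389
deny  10.10.0.0/24 10.20.0.0/24 any
allow 10.10.0.0/24 0.0.0.0/0 443
allow 10.10.0.0/24 0.0.0.0/0 25
allow 10.20.0.0/24 203.0.113.10/32 443
"""

# Constructed addressing: 10.10.0.0/24 business, 10.20.0.0/24 payment (POS),
# 203.0.113.10 payment processor, 198.51.100.7 an unknown Internet host.
EXPECTED = [  # (flow, source, destination, port, action the guidance calls for)
    ("business web browsing", "10.10.0.15", "198.51.100.7", 443, "allow"),
    ("business outbound email", "10.10.0.15", "198.51.100.7", 25, "allow"),
    ("POS to payment processor", "10.20.0.5", "203.0.113.10", 443, "allow"),
    ("business RDP into POS", "10.10.0.15", "10.20.0.5", 3389, "deny"),
    ("business HTTPS into POS", "10.10.0.15", "10.20.0.5", 443, "deny"),
    ("unknown host into POS", "198.51.100.7", "10.20.0.5", 443, "deny"),
    ("POS to unknown host", "10.20.0.5", "198.51.100.7", 443, "deny"),
]

def parse_rules(text):
    """Parse 'action src dst port' lines; a port of 'any' becomes None."""
    rules = []
    for line in text.splitlines():
        if line.strip():
            action, src, dst, port = line.split()
            rules.append((action, ipaddress.ip_network(src),
                          ipaddress.ip_network(dst),
                          None if port == "any" else int(port)))
    return rules

def decide(rules, src, dst, port):
    """Return the first matching rule's action; 'no-match' means the
    ruleset has no default deny covering this flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if s in src_net and d in dst_net and rule_port in (None, port):
            return action
    return "no-match"

def audit(rules, expected=EXPECTED):
    """List (flow, wanted, got) for every flow the ruleset handles wrongly."""
    return [(name, want, got) for name, src, dst, port, want in expected
            if (got := decide(rules, src, dst, port)) != want]

if __name__ == "__main__":
    for name, want, got in audit(parse_rules(SAMPLE_RULES)):
        print(f"{name}: expected {want}, ruleset gives {got}")
```

On the constructed ruleset this reports the remote-desktop exception that bridges the business and payment networks, and two flows that fall through because there is no final deny-all rule.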
Use strong passwords to make it difficult for hackers to gain access to your computers, applications, and services.
- Use strong passwords with a combination of letters, numbers, and symbols.
- Don’t share passwords with other employees.
- Use separate passwords for each website, application, and service.
- Protect access to payment-processing networks with two-factor authentication.
- If an employee leaves the company, remove their access privileges from all systems.
To learn more about proper security measures to protect your POS systems, give us a call at (713) 490-5000 or send us an email at firstname.lastname@example.org. CITOC can help you keep your network and POS systems safe against cyber-attacks.