Point-of-Sale (POS) computers are an increasingly attractive target to hackers. The security breach at Target during the 2013 holiday season was the most serious in recent memory, but Target is hardly the only victim. It seems every week there’s a story in the news about retailers getting hacked and exposing their customers’ credit card numbers and personal information to data thieves.
Smaller retailers don’t have the resources of large chains like Target, but that doesn’t mean there’s nothing they can do to make their POS machines more secure. Let’s look at some simple strategies retailers can use to keep their customers’ personal data under wraps.
1. Keep POS Machines off Your Public Network
Many small businesses offer internet access to customers over a WiFi connection. Public WiFi and POS computers don’t mix. Hackers can use the shared connection to attack other computers on the network, so make sure your POS computers are set up on a separate connection.
2. Treat Your POS Machines Like Cash Registers
Don’t use POS computers for opening email, browsing the internet or running other programs. POS computers should only be used for POS-related functions.
3. Keep Your POS Software Up to Date
Apply patches and upgrades as soon as possible. If the POS software developer has fixed a security flaw, you can bet cyber criminals already know about it and are looking to exploit it on machines still running the old version.
4. Secure Your POS Hardware
While malware-based attacks are more common, criminals can also steal credit card information by attaching their own skimming devices to credit card readers. Be aware of what your machines look like, and have employees report anything strange or different about their POS workstations.
5. Get Serious About Passwords
Just one compromised account can give cyber criminals an open door into your network, so require strong passwords on all user and administrator accounts. Hackers can crack weak passwords of 6 characters or fewer in under a minute. Strong passwords should be at least 15 characters and contain a mix of numbers, symbols, upper-case and lower-case letters. Encourage employees not to choose passwords based on personal information such as their family members’ names, pets’ names, school mascot or birthday. In today’s world of social media, this information may not be as secure as they might think.
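One way to enforce the password rules above when accounts are created or passwords are changed, as an added example that is not part of the original article. The function name, the `personal_terms` parameter and the sample passwords in the usage note are assumptions made for illustration; the check for common character substitutions (such as `3` for `e`) goes beyond what the article states.

```python
import re

MIN_LENGTH = 15  # minimum length recommended in the article

# Character classes the article asks for, in the order they are reported.
REQUIRED_CLASSES = {
    "a number": r"[0-9]",
    "a symbol": r"[^A-Za-z0-9\s]",
    "an upper-case letter": r"[A-Z]",
    "a lower-case letter": r"[a-z]",
}

# Assumption: a small table of common look-alike substitutions, so that
# "B3ll@" is still recognised as the pet name "Bella".
LOOKALIKES = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"}
)


def _squash(text):
    """Lower-case the text and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def password_problems(password, personal_terms=()):
    """Return the reasons a password fails the policy (empty list = acceptable).

    personal_terms holds details an attacker could find on social media:
    family and pet names, school mascot, birthday, and so on.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for label, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {label}")

    # Compare against the password as typed and with look-alikes undone,
    # ignoring case and separators in both the password and the term.
    candidates = (
        _squash(password),
        _squash(password.lower().translate(LOOKALIKES)),
    )
    for term in personal_terms:
        key = _squash(term)
        # Skip very short terms; they would match almost any password.
        if len(key) >= 3 and any(key in c for c in candidates):
            problems.append(f"contains personal detail '{term}'")
    return problems
```

Calling `password_problems("B3ll@Tigers2009!!", ["Bella", "Tigers"])` on this constructed sample flags both personal details even though the password meets the length and character-mix rules.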
6. Disable Remote Access on All POS Computers
Remote access allows users to log into the computer from another part of the network without being physically present. Once a hacker has access to a machine on the network, they can use remote access to install malware on your POS computers. If you need to enable remote access for a legitimate reason such as a technician performing troubleshooting, be sure to disable it immediately afterward.
Customer and credit card data breaches can have disastrous consequences for businesses and consumers alike. Taking these simple steps will go a long way toward keeping your retail business out of the negative headlines.