Data breaches are the new normal. Here’s what it means for your Point of Sale card data and how you can better secure your network from cyber attacks.
Cyber attacks are an ongoing concern for retail IT departments. No matter the size of your operations, data breaches can do more than impact your bottom line; they can shake your customers’ confidence and damage your brand’s reputation.
High-profile cyber attacks against major retail brands like Home Depot, Target and Chipotle grab the headlines. But a data breach doesn’t have to be in the news to have an impact on your retail business. According to the 2018 Verizon Data Breach Incident Report (DBIR), 58 percent of data breaches impacted small businesses.
The financial implications are real. The average cost of fines and liability from a POS breach is $36,000 and can exceed $50,000. Factor in lost revenue ($21,000 average) and the cost of outsourcing security professionals to resolve the breach ($21,000), and the average price to an SMB can balloon to $117,000 per incident. And each stolen record can cost a retailer $141 on average.
Not all the news is bad. The transition to EMV chip cards over the last several years has contributed to a decline in payment card fraud. But EMV alone won’t help IT fend off network attacks. EMV only prevents card counterfeiting; it doesn’t stop attacks targeting your network and getting to your point-of-sale card data environment. Security is a moving target, and cybercriminals evolve fast, using an ever-changing set of tactics to get to card data.
It’s a problem we’re all too familiar with. Many retailers we speak to tell us they can’t keep up with the big guys, that they’re too busy running their operations, and that adding technology and resources is too costly.
As long as card data continues to fetch $10 to $20 per record on the dark web, there will be plenty of incentive for hackers to steal payment information.
What You Can Do to Protect Your POS Data
The first step to protecting your POS data is understanding the nature of cyber threats and how thieves continually evolve their tactics to exploit network vulnerabilities.
Phishing: Anyone in IT is familiar with one of the most common threats – phishing attacks – where cyberthieves use fraudulent emails that appear reputable to trick unsuspecting victims into giving up private information. Even so, employees continue to fall prey to evolving phishing tactics and social hacks (where users are tricked into disclosing their credentials).
Remote Access: A growing cyberthreat is attackers gaining access to your store network via a third party or IoT devices like WiFi routers, security cameras, and inventory control scanners. Once inside your network, attackers conduct network reconnaissance using diagnostic tools and techniques to identify systems with access to payment data and isolate specific user accounts.
Fortunately, there are steps you can take to safeguard your network and protect your POS data. Acumera has compiled a list of best practices based on our many years of delivering network security services for the payment systems and operations for retailers and restaurants.
Below are some of the best practices Acumera recommends to our customers:
- Don’t rely on universal default passwords. Attackers can easily obtain default passwords and identify internet-connected target systems. With all the breaches happening these days, your passwords may be posted somewhere out on the internet. You can see if your passwords have been stolen and posted here.
- Put multi-factor authentication (MFA) in place. MFA compensates for the weakness of the other factors (like universal passwords). Duo has a great solution that’s easy to deploy.
- Implement access controls for vendors. Remote access by a third-party vendor that had access to the wider network was the culprit in the Target breach and is a principal attack vector for cybercriminals.
- Avoid off-the-shelf or homegrown routers for your network. They can leave you open to a cyber attack. Botnet operators and cyber-espionage groups (APTs) are abusing the Universal Plug and Play (UPnP) protocol that comes with all modern routers to proxy bad traffic and hide their real location from investigators.
Of course, no retailer can ever be completely immune from a data breach given the growing complexity of network solutions, the increasing reliance on IoT devices, and the evolving tactics of cybercriminals. But by remaining vigilant, adhering to best practices, and partnering with managed security experts, your business can go a long way toward minimizing this threat.
Read our white paper to get more detail on the cost of a breach to your business, best practices and how to implement them.