What Would Your Business Do if Its POS System was Hacked?
If you’re a retailer who uses point-of-sale systems for customer transactions, you’re in possession of valuable data that people inside, and outside, of your company want access to. These systems can be susceptible to cyber attacks, especially if you aren’t prepared. According to research, cyber attacks cost small to medium-size businesses an average of $188,242. If that isn’t chilling enough, nearly two-thirds of attacked businesses are forced out of business within six months of a cyber attack.
The first step to preventing cyber attacks is learning more about the most common types of attacks, followed by taking several simple steps to protect your business from cybercrime.
What are the most common cyber attacks on small businesses?
In 2014, Verizon put together a report that analyzed the most common types of cyber attacks against businesses. They found that 92% of all incidents stemmed from only nine types of attacks.
For retail businesses, the following varieties of cyber attacks are most troublesome:
POS intrusions are particularly worrisome in retail settings, where payment information can be stolen, and these attacks have their own specific timeline.
Crimeware is particularly common when a company stores a lot of information on various systems, like servers and desktops.
Insider and privilege misuse happens when employees, or other people with access to important information, use a company’s data to commit a crime.
Payment card skimmers are also commonplace, where a device “skims” customer payment information as they complete their transaction.
Physical theft and loss can happen, too. Stolen laptops, documents, hard drives, and more can be targets for criminals.
How your business can prevent cyber attacks
You don’t need to be a security expert to protect your company from cyber attacks, but you will need to spend some time assessing your current situation, and fixing any deficiencies.
1. Do a security audit
Before you can protect your business, you need to have a solid understanding of where your security currently stands. Do you encrypt sensitive data? Where is your most sensitive data stored? Who has access to it, and how are they using it? Do you have a specific security system in place for your POS systems?
Answering these questions will help you determine where your security weaknesses are.
2. Train your employees on cyber attacks
Most companies don’t do an adequate job of educating their employees about the importance of being diligent with their own security. This is especially important as businesses move toward collaborating on the cloud, and as employees work from outside the office. For example, do they know that passwords should never be the same across multiple platforms? Do they realize that “password1234” isn’t going to keep unwanted visitors at bay? Are they aware that email scams are becoming increasingly sophisticated?
3. Use specialized POS services to protect that data
Even though your payment software likely works together with the rest of your software and hardware, POS systems have their own weaknesses that criminals can take advantage of. They make your life easier, but they can also make it easy for criminals to access data. You’ll want to ensure that your company has installed a comprehensive POS security system.
Because a POS attack can occur whenever a network is breached, maintaining POS security ties in with every other aspect of preventing cyber attacks.
4. Lock up your network!
WiFi networks are well-loved by hackers. They’re so easy to break into! And, once they’re compromised, it’s oh-so-simple to find sensitive data and information. Always password protect your WiFi network, but try to use a hardwired network when possible. If you can’t, at least disable broadcasting of the network’s SSID (service set identifier) on the router. This keeps the network name out of the list of available networks, so connecting requires knowing the network’s exact name. And, even if you think your POS system is secure, remember that a savvy hacker can access customer payment information if they already have access to your network.
These steps are just the beginning, and there’s always more that you can be doing to protect your business from cyber attacks. Requiring that computers be locked to a desk, and that all sensitive documents be shredded immediately, are two policies that are relatively easy to implement, for example.