What is your Security Plan?

If your security plan is to think your business is too small for a hacker to pay attention to you, well, that's exactly what these criminals want you to think.

Early on, these criminals went directly to card processing organizations such as Heartland Payment Systems to steal card information.

At the end of 2013, we learned about the data breach at Target. As reported by KrebsOnSecurity on February 12, 2014, "The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation."

More recently, we learned about breaches at P.F. Chang's, SuperValu, UPS Stores, and Sally Beauty.

On September 2, 2014, Home Depot was hacked by what appears to have been a variant of the same malware used at Target, according to KrebsOnSecurity.

Even more recently, it was Goodwill Industries International and Dairy Queen. And just this week, Staples.

As reported by Martyn Williams at PCWorld.com, "Over a thousand major enterprise networks and small and medium businesses in the U.S. have been compromised by a recently discovered malware package called “Backoff” and are probably unaware of it, the U.S. Department of Homeland Security (DHS) said in a cybersecurity alert on Friday."

Even NBC News is reporting on the POS malware attacks.

Just this week, iPOS has had a number of calls from customers stating that their computers are running slow or acting strange. After further investigation, we found that malware had been installed. We installed BitDefender on these POS computers and it immediately detected and removed the threats. Keep in mind that if you are browsing the internet or receiving email on your POS/Accounting computers, no anti-virus or anti-malware product will prevent 100% of the attacks.

iPOS wants to point out 7 systems you can put in place right now, at no cost or low cost, to help minimize the chance of a data breach.

  1. Do not access the internet or email on your POS/Accounting Network.
  2. Manage remote access to all computers on your POS/Accounting network. DO NOT ALLOW UNATTENDED REMOTE ACCESS. Enable and use two-factor authentication for all access to computers on your POS/Accounting network.
  3. Use Standard Windows User Accounts and limit the use of administrative users in Windows, POS and Accounting software. Use complex passwords and change passwords every 90 days.
  4. Maintain up-to-date software, operating systems and web browsers.
  5. Shut down (power off) and restart all computers on your POS/Accounting network regularly (daily is optimal) to clear memory. (Do not turn your computers off overnight, as this is when most software performs its updates.)
  6. Separate your POS/Accounting network from all other computers and devices accessing the internet and email.
  7. Install a commercial-grade, managed anti-virus, anti-spyware, and firewall product (BitDefender) and keep it up to date. Regularly run and review the results of scans for malicious software.
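
One way to check items 3 and 5 of the list on a single Windows POS computer, as an added example that is not iPOS's own tooling. It only reads settings and assumes Windows PowerShell 5.1 or later; the 24-hour restart threshold is an assumption standing in for "daily is optimal".

```powershell
# Added example: read-only audit of checklist items 3 and 5 on this computer.
$MaxPasswordAgeDays = 90   # item 3: change passwords every 90 days
$MaxUptimeHours     = 24   # item 5: assumed threshold for "daily is optimal"
$now      = Get-Date
$findings = New-Object 'System.Collections.Generic.List[string]'

# Item 3: list every member of the local Administrators group for review.
# The well-known SID S-1-5-32-544 is used so the lookup works in any display language.
foreach ($m in (Get-LocalGroupMember -SID 'S-1-5-32-544')) {
    $findings.Add("REVIEW admin member: $($m.Name) [$($m.ObjectClass)]")
}

# Item 3: enabled local accounts with no password requirement or a stale password.
foreach ($u in (Get-LocalUser | Where-Object { $_.Enabled })) {
    if (-not $u.PasswordRequired) {
        $findings.Add("FAIL   $($u.Name): no password required")
    }
    if ($null -eq $u.PasswordLastSet) {
        $findings.Add("FAIL   $($u.Name): password has never been set")
    }
    elseif (($now - $u.PasswordLastSet).TotalDays -gt $MaxPasswordAgeDays) {
        $age = [int]($now - $u.PasswordLastSet).TotalDays
        $findings.Add("FAIL   $($u.Name): password is $age days old")
    }
}

# Item 5: time since the last boot. With Fast Startup enabled, "Shut down"
# does not reset this value; "Restart" does.
$boot   = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
$uptime = $now - $boot
if ($uptime.TotalHours -gt $MaxUptimeHours) {
    $findings.Add("FAIL   last boot $boot, up $([int]$uptime.TotalHours) hours")
}

# One line per item to review or fix; FAIL lines map back to the checklist numbers.
$findings
```

Every REVIEW line is an account with administrative rights; each one that is used for day-to-day POS work is a candidate for conversion to a standard user account.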