If your security plan is to think your business is too small for a hacker to pay attention to you, well, that's exactly what these criminals want you to think.
Early on, these criminals went directly to card processing organizations such as Heartland Payment Systems to steal card information.
At the end of 2013 we learned about the data breach at Target. As reported by KrebsOnSecurity on February 12, 2014, "The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation."
More recently we learned about P.F. Chang's, SuperValu, UPS Stores, and Sally Beauty.
As reported by Martyn Williams at PCWorld.com, "Over a thousand major enterprise networks and small and medium businesses in the U.S. have been compromised by a recently discovered malware package called “Backoff” and are probably unaware of it, the U.S. Department of Homeland Security (DHS) said in a cybersecurity alert on Friday."
Just this week, iPOS has had a number of calls from customers stating that their computers are running slow or acting strange. After further investigation, we found malware had been installed. We installed BitDefender on these POS computers and it immediately detected and removed the threats. Keep in mind that if you are browsing the internet or receiving email on your POS/Accounting computers, no anti-virus or anti-malware product will prevent 100% of the attacks.
iPOS wants to point out 7 systems you can put in place right now, at no cost or a low cost, to help minimize the risk of a data breach.
- Do not access the internet or email on your POS/Accounting Network.
- Manage remote access to all computers on your POS/Accounting network. DO NOT ALLOW UNATTENDED REMOTE ACCESS. Enable and use two-factor authentication for all access to computers on your POS/Accounting network.
- Use Standard Windows User Accounts and limit the use of administrative users in Windows, POS and Accounting software. Use complex passwords and change passwords every 90 days.
- Maintain up-to-date software, operating systems and web browsers.
- Shut down (power off) and restart all computers on your POS/Accounting network regularly (daily is optimal) to clear memory. (Do not turn your computers off overnight, as this is when most software performs its updates.)
- Separate your POS/Accounting network from all other computers and devices accessing the internet and email.
- Install a commercial-grade, managed anti-virus, anti-spyware and firewall product (BitDefender) and keep it up to date. Regularly run scans for malicious software and review the results.
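
Several of these items can be spot-checked on each POS/Accounting computer. The read-only PowerShell audit below is an added example, not an iPOS tool; it assumes Windows PowerShell 5.1 or later, an elevated prompt, and English-language `net accounts` output, and it takes its thresholds (90 days, daily restart) from the list above.

```powershell
# Added example: read-only audit of one POS/Accounting PC against the checklist.
# Assumptions: PowerShell 5.1+, elevated prompt, English-language Windows.
$findings = @()

# "Limit the use of administrative users": list local Administrators members.
$admins = @(Get-LocalGroupMember -Group 'Administrators' |
            Select-Object -ExpandProperty Name)
$findings += [pscustomobject]@{
    Check  = 'Local administrators'
    Value  = $admins -join '; '
    Review = $admins.Count -gt 1      # more than one admin account deserves a look
}

# "Change passwords every 90 days": read the local maximum password age.
$line   = net accounts | Where-Object { $_ -match '^Maximum password age' }
$maxAge = if ($line) { ($line -split ':')[-1].Trim() } else { 'unknown' }
$findings += [pscustomobject]@{
    Check  = 'Maximum password age (days)'
    Value  = $maxAge
    # "Unlimited" or "unknown" is flagged; -or short-circuits before the cast.
    Review = ($maxAge -notmatch '^\d+$') -or ([int]$maxAge -gt 90)
}

# "Manage remote access": Remote Desktop is one path (0 = connections allowed).
# Third-party remote-support tools are not covered by this check.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections
$rdpOn = $ts.fDenyTSConnections -eq 0
$findings += [pscustomobject]@{
    Check  = 'Remote Desktop enabled'
    Value  = $rdpOn
    Review = $rdpOn
}

# "Restart regularly (daily is optimal)": days since the last boot.
$boot = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
$days = [math]::Round(((Get-Date) - $boot).TotalDays, 1)
$findings += [pscustomobject]@{
    Check  = 'Days since last boot'
    Value  = $days
    Review = $days -gt 1
}

$findings | Format-Table -AutoSize -Wrap
```

A row with `Review` set to `True` is a prompt to look closer, not proof of a problem; the script changes nothing on the machine.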