By Colin Kennedy, Iron Road - for Vend
Point-of-sale software users - particularly smaller to medium operations - need to be aware that there are three critical issues that could threaten the security of their businesses; ransomware attacks, mobile payments and confidential data.
Independent retail software expert Stu Lees says that in his experience the corporate users of POS software do a good job with security, but smaller operations lag when it comes to both awareness and appropriate security measures.
‘I have encountered three retailers just recently who were hit by ransomware because a staff member clicked on a link they shouldn’t have. ‘Ransomware attacks - where malicious parties encrypt the data on your computer until you pay them to free it - are on the increase. All three of these retailers were semi-crippled for more than a day.’
Lees said ransomware attacks don’t just happen. They result because a staff member was tricked into clicking on a link. Retailers using a cloud point-of-sale system like Vend, for example, their point of sale systems are safe, but the computers themselves are no longer usable.
While corporate companies worry about whether or not they have to Payment Card Industry Data Security Standard (PCI DSS) compliant, smaller business is for the most part not paying much attention to mobile payments. ‘Smaller retailers will be able to leverage their EFTPOS (electronic funds transfer at point of sale) terminal providers for security.
‘The bigger issue, and it’s less one of security, is selecting the suppliers who are most compatible with your customer demographic. For example, Strip, Google or Apple.
‘The mobile phone is going to replace the wallet, and retailers need to be aware of this and begin to develop a strategy for how they will transition because it’s often at moments of transformation that we’re the most vulnerable to mistakes that could lead to issues down the road. ‘What some of those might be is still evolving,’ Lees said.
The third important issue is storage and security of private customer data. ‘If your systems are not secure and your computer gets stolen, you may have just handed over thousands of your customers’ home address details stored on the PC.
‘Security of data is not much of an issue if you’re using a cloud-based point-of-sale system. However, your user security must be on point. If a staff member leaves and you don’t remove their login rights, they could go home and access your data for malicious or competitive reasons,” Lees said.
Three tips to help secure your POS system
1. Implement best practise configurations: Lees said every retailer, no matter how small, should have a good IT service provider who can professionally install security software and apply a best practise security configuration to the system. ‘Make sure your IT systems are regularly inspected by a professional. Downloading security software from the Internet won’t cut it,’ he said.
2. Staff awareness and education Making your staff aware of the dangers of ransomware, and educating them in how to recognise threats will go a long way to mitigating the threat of ransomware.
3. Systemise user security Ensure there are process and procedures in place for protecting your POS systems when a staff member departs. ‘Don’t trust anybody. The moment a person departs, for whatever reason, make sure that they can no longer access any of your systems,’ said Lees.
By Colin Kennedy for Vend. Vend Point of Sale software is installed in over 20,000 stores in more than 140 countries. Vend has received over $49 Million in funding since 2010 and has over 200 staff members in five major markets - (US, CA, UK, NZ, AU). Learn more about Vend.
Other Point of Sale news of interest:
Image courtesy of https://flic.kr/p/7tVnAg