Data breaches have become increasingly common for merchants who process payments using remote-access systems. Year after year, there are reports of breaches that target and invade point-of-sale (POS) or property management systems (PMS) to gain access to sensitive customer data. The latest high-profile victim is Macy’s, which recently announced that its system was breached and customer data was compromised.
While an enterprise like Macy’s will most likely be able to survive the financial ramifications of a cybersecurity breach, unfortunately, your small business may not. That’s why it’s so important to take preventative measures.
Here are three ways to prevent data breaches from having a lasting impact on the livelihood of your business.
1. Login Information
- Whenever possible, use multi-factor authentication, which verifies the user by requiring a unique code to be entered along with their username and password.
- Limit the number of third parties who have access to your system so that there are fewer entry points into your system.
- Regularly change login credentials, especially around the holidays, and don’t go back to old passwords once you’ve changed them.
- Require those who do have system access to create complex passwords that aren’t used by any others with access.
- Avoid using outdated and unsupported operating systems, such as Windows Vista and Windows XP, which don’t receive updates that can protect against new security threats and tactics.
- Lock accounts after multiple failed login attempts to protect against automated hacking software, the most advanced of which can try billions of password combinations per second.
- Monitor and report any suspicious login activity immediately. No exceptions!
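The lockout and monitoring items above can be combined in one small piece of logic. The following is an added example, not code from the original article or from any POS or PMS vendor; the thresholds, event format, usernames, and IP addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; the article does not specify thresholds.
MAX_FAILURES = 5                    # failures allowed inside WINDOW
WINDOW = timedelta(minutes=15)      # sliding window for counting failures
LOCKOUT = timedelta(minutes=30)     # how long a locked account stays locked

# Constructed sample events: (timestamp, username, source IP, password correct?)
SAMPLE_EVENTS = (
    [(f"2024-01-05T02:0{s // 60}:{s % 60:02d}", "pos_admin", "203.0.113.7", False)
     for s in (0, 20, 40, 60, 80)]
    + [("2024-01-05T02:01:40", "pos_admin", "203.0.113.7", True),
       ("2024-01-05T09:00:00", "front_desk", "198.51.100.4", False),
       ("2024-01-05T09:00:30", "front_desk", "198.51.100.4", True),
       ("2024-01-05T09:05:00", "pos_admin", "198.51.100.4", True)]
)

class LockoutMonitor:
    def __init__(self):
        self.failures = defaultdict(deque)  # user -> times of recent failures
        self.locked_until = {}              # user -> time the lock expires
        self.alerts = []                    # events to report to whoever owns security

    def handle(self, ts, user, ip, ok):
        """Return 'allowed', 'denied' or 'locked' for one login attempt."""
        now = datetime.fromisoformat(ts)
        # A locked account rejects every attempt, even with the right password.
        if self.locked_until.get(user, now) > now:
            self.alerts.append((ts, user, ip, "attempt on locked account"))
            return "locked"
        recent = self.failures[user]
        while recent and now - recent[0] > WINDOW:
            recent.popleft()                # forget failures outside the window
        if ok:
            recent.clear()
            return "allowed"
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT
            recent.clear()
            self.alerts.append((ts, user, ip, "account locked"))
        return "denied"

def replay(events):
    """Run events in time order; return per-event results and raised alerts."""
    monitor = LockoutMonitor()
    return [monitor.handle(*e) for e in events], monitor.alerts

if __name__ == "__main__":
    for alert in replay(SAMPLE_EVENTS)[1]:
        print(alert)
```

In the sample data, the sixth attempt on `pos_admin` uses the correct password but is still rejected because the lock is in force, and both the lock and that attempt appear in the alert list for follow-up.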
2. System Access
- Employ up-to-date firewall, virus protection, and intrusion-prevention systems. However…
- Do not rely solely on anti-virus software, as hackers can make some malware undetectable.
- Restrict all workstation internet access that is not directly related to the essential functions of the POS or PMS, following the principle of least privilege.
- Do not allow external media devices – such as USB drives or even smartphones – to be connected to the terminal.
3. The Final Measure: Payment Security Solutions
In addition to these surface-level tips to prevent malware, merchants should also employ a few specific payment security technologies as a precaution against data theft:
- Tokenization that replaces stored credit card, debit card, and gift card transaction data with a randomized, alphanumeric value that is impossible to replicate and meaningless if stolen.
- Point-to-point encryption (P2PE) that encrypts the card data the moment the payment card interacts with the payment device so that sensitive cardholder data never enters your system in the first place. This way, even if your system were to become infected with malware, there wouldn’t be any payment data to steal.
How Hackers Gain Access
With these methods, hackers can create a back-end channel without being detected for days, weeks, or even longer. All the hackers have to do is let it sit there while they collect all the sensitive data that passes through. By the time the merchant is aware of the attack, it’s likely too late. The damage is done, and the criminals have hijacked the personal information of thousands – if not millions – of customers.
Phishing attacks use emails that look like they are from a trusted person or company to trick the user into entering their login credentials. Hackers are “fishing” by sending out hundreds of emails until someone eventually falls for the fake email and willingly hands their login information right over to cybercriminals.
The Bottom Line
The moral of the story is this: When it comes to your security, don’t take anything for granted! Hackers typically seek out the “low-hanging fruit” of merchants that have weak security systems in place. At the very least, these technologies and best practices can send the message to cybercriminals that your data will not be the low-hanging fruit they were hoping to find.
They can go a long way in providing any card-present or card-not-present merchant environment with the best ways to prevent data breaches and deter cyber theft. After all, what’s a good habit or two versus the expensive nightmare and never-ending headaches of recovering from a data breach?