POS Security: 5 Tips to Help Small Businesses Protect Against Data Breaches
The big story this month in the world of data security occurred in the Pacific Northwest, where it was reported that a string of eateries had experienced security breaches, with 290 restaurants exposing customers’ credit card info. The restaurants included big names like Dairy Queen and Buffalo Wild Wings, and small businesses like Flat Tail Brewing Company and Laurelwood Brewing. The common trend between these businesses was their POS security.
For IT consultants, POS vulnerabilities are becoming a nightmare. The first big story came last year, when Target announced that approximately 40 million shoppers at their stores had their credit cards stolen during the holiday season due to the BlackPOS malware. Then came Neiman Marcus and P.F. Chang’s. Meanwhile, small businesses nationwide – from pubs to carwashes – are also getting hit with POS breaches.
According to the Data Breach Investigations Report put out by Verizon, 14% of all data breaches in 2013 occurred because of POS vulnerabilities. Based on the patterns seen so far in 2014, this trend seems likely to increase.
The unfortunate truth is that many of these breaches were easily preventable by implementing proper POS security. While a few were the result of sophisticated hack attacks, most were the result of lax security on the part of the business owners.
How to Prevent Identity Theft at POS?
Here are a few reminders for IT consultants who provide services to small business owners:
1. Strong Passwords: A surprising number of data breaches happen because business owners fail to use a smart password. They either use the default passwords, which almost always get revealed and exploited as the years pass, or they use passwords that are weak and easy to guess.
Passwords that are single dictionary words without varied characters can be easily cracked by even novice hackers. The best passwords are alphanumeric, mix capital and lower case letters, and contain varied symbols. To prevent online breaches after a physical store break-in, the password should not be written down and left in the open or on a pad of paper.
2. Up-To-Date Hardware: Out-of-date machines are much easier to bypass than newer machines. Such was the case with El Agave Mexican Restaurant in Fairmont, Minnesota. Just weeks away from investing in new machines, the small restaurant was hit with a breach in which credit cards were stolen. POS equipment isn’t designed to last forever. As such, it needs to be replaced when it’s time.
3. Protecting POS Credentials: This is important for small business owners and POS vendors. Once credentials get out into the open, “breach” becomes plural, as the credentials can often be used on all clients using the same POS software. POS vendors need to use the same smart password protocols as small businesses, and they would be wise to use different passwords for each individual client rather than using the same for all, which could cause widespread problems.
4. Avoid Web Browsing on POS Terminals: An easy way to expose POS software vulnerabilities is to browse the web and accidentally download malware through a malicious website or a phishing scam. Best practice is to do all web work on a separate computer, or restrict where and what employees can browse. On both the separate computer and the POS terminal, an absolute must is…
5. Good Antivirus Protection: All of the above practices mean nothing without quality protection in place. A strong firewall, denial of service defense, intrusion protection, malware/virus protection, encryption, and so on, are all essentials for small businesses to stay ahead of the curve.
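As an added example (not part of the original article), an IT consultant or POS vendor could check a credential inventory against tips 1 and 3 with a short audit like this. The default-password list, dictionary, client names and passwords are all constructed sample data, and the script assumes the credentials are available to audit, for example from a password manager export.

```python
import string
from collections import defaultdict

# Constructed sample data: hypothetical vendor defaults and dictionary words.
DEFAULT_PASSWORDS = {"admin", "password", "pos123"}
DICTIONARY = {"restaurant", "coffee", "welcome", "brewery"}

def weaknesses(password):
    """Return the tip 1 problems found in a single password."""
    found = []
    if password.lower() in DEFAULT_PASSWORDS:
        found.append("default")
    if password.lower() in DICTIONARY:
        found.append("dictionary-word")
    # Tip 1: mix lower case, capitals, digits and symbols.
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if not all(classes):
        found.append("missing-character-class")
    return found

def audit(inventory):
    """inventory: list of (client, password). Returns {client: [findings]}."""
    clients_by_password = defaultdict(set)
    for client, password in inventory:
        clients_by_password[password].add(client)
    report = {}
    for client, password in inventory:
        findings = weaknesses(password)
        # Tip 3: one leaked credential must not open every client.
        if len(clients_by_password[password]) > 1:
            findings.append("shared-across-clients")
        if findings:
            report[client] = findings
    return report

# Constructed inventory of POS remote-access credentials.
SAMPLE = [("cafe-a", "pos123"), ("pub-b", "Tr4il!Mix-Kettle"),
          ("carwash-c", "Tr4il!Mix-Kettle"), ("diner-d", "welcome"),
          ("bakery-e", "q7#Lm2@vXe9!")]

if __name__ == "__main__":
    for client, findings in audit(SAMPLE).items():
        print(client, findings)
```

A password that passes the composition check, such as the one shared by pub-b and carwash-c, is still flagged when it is reused across clients.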
It has been revealed time and again that small businesses are often much more concerned about physical losses than about digital losses, so online security is often much less of a priority than it should be. This means that IT consultants must repeatedly remind business owners about the importance of staying ahead of online threats.