5 Ways to Ensure POS Malware Doesn't Ruin Your Holidays
The holiday season may not spell peace or joy for countless IT professionals this year. The 2016 Kaspersky Black Friday Threat Overview predicts that not only will the 2016 holiday shopping season be a record-breaker in terms of retail sales, it will also contain an unprecedented number of information security crimes.
In fact, their key findings state that criminals are already working double-time. Underground retailers of skimming systems and other financial crime tools are experiencing high sales as crime collectives gear up for record-breaking theft. Join us as we review how to protect your point-of-sale (POS) systems during the 2016 holidays so you're not affected by the coming spike in attacks.
Point of Sale Malware Can Represent a Payload
After the 2013 Target data breach, malware-driven POS attacks experienced a surge in popularity. These attacks have also become increasingly sophisticated, with Symantec stating that they're typically multi-stage. POS attacks may include "infiltration, network traversal, data capture, and exfiltration."
Kaspersky's research reports that while in 2013, there were only four documented families of POS malware, today there are over 36. Even security analysts are hesitant to predict whether the period between Thanksgiving and New Year's 2017 will result in a 5, 10, or 15% spike in POS attacks, but it's almost certain that there will be a significant increase.
To learn more about why POS malware is on the rise year round, we recommend the Cimcor blog 7 Reasons Point-of-Sale Data Breaches are a Threat to Every Retailer.
How to Protect Your Point-of-Sale Systems this Holiday Season
1. Utilize End-to-End Encryption
While it's probably much too late to implement a new POS system during the holiday rush, utilizing end-to-end encryption can significantly mitigate POS attack risks year round. This technology immediately encrypts the cardholder's data the minute the card is swiped and keeps the data in encrypted form during transmission to the host.
However, it's important to recognize that using a system with leading encryption isn't a sign that you can relax. Encryption can be one effective tool for protecting your brand and customers, but it's not a replacement for full PCI compliance or comprehensive security.
2. Update Antivirus and Firewalls
Not only are regular updates to your POS software an important best practice, it's required for PCI compliance. Strong firewall and antivirus practices, including full updates, can ensure your systems aren't operating with vulnerabilities that are well-known to criminals.
Depending on the structure of your organization, disabling or significantly limiting remote access to your POS with rules-based administration is also important. This can limit criminal opportunities to insert malware or modify your technology.
3. Implement Physical POS Device Security Practices
This holiday season, you may need to worry more about malware-driven point-of-sale attacks than physical tampering. However, both forms of attack should be on your radar as possibilities during the holiday shopping and crime crazes.
To comply with PCI requirements and protect against the installation of skimming devices, your team should regularly inspect the systems for any signs of tampering. While many retailers engage in a heavy amount of seasonal hiring to cover holiday shopping needs, training your temporary hires on best practices for POS security monitoring is also crucial.
4. Check Your (PCI) List at LEAST Twice
If you're out of compliance with PCI guidelines around POS systems or security heading into the holiday season, you're almost certainly at a significantly increased risk of attack. Components of PCI that can protect your organization from POS attack risks include, but aren't limited to:
- Physically restricting access to data and systems
- Strong password management
- Unique user IDs for employees with data access
- Performing penetration testing
- Running security scans
5. Actively Monitor and Mitigate Risks
Per PCI requirements, your organization is required to perform at least once-weekly scans on your POS systems as well as scans whenever significant updates occur. However, this might not be sufficient to detect the breaches that can result in theft of data.
Real-time monitoring of your POS systems can allow you to detect suspicious changes to software, unauthorized access, unusual data transactions, and other red flags from the second they occur.
Can IT Relax this Holiday Season?
For most IT pros, doing at least a little work over the holidays is an accepted and normal part of their career. However, the right file integrity monitoring solution can significantly ease your workload and stress.
With CimTrak for Point-of-Sale Systems, your organization can gain best-of-class protection for a wide range of POS systems, including Windows XP and XP embedded, WEPOS, and POSReady. Your organization can gain immediate insight into changes that occur on your POS systems and any other endpoints on your network. These changes are conveniently tracked, logged, and detailed in the administrative portal.
Best of all, Cimcor is the only file integrity monitoring solution to offer real-time remediation from the admin portal, allowing you to make it home for the holidays and enjoy your festivities with family after all.
To learn more about how to meet and exceed PCI-DSS requirements for your POS systems this holiday season, we recommend The PCI Compliance Checklist.
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".