Do you use POS terminals? Are they remotely managed? You are probably going to get hacked.


If you are using a windows based POS you are probably going to get hacked.  If you have your vendors remote access tools installed(and many do) your chances of getting hacked are much much higher:

Wendy’s statement that the attackers got access by stealing credentials that allowed remote access to point-of-sale terminals should hardly be surprising: The vast majority of the breaches involving restaurant and hospitality chains over the past few years have been tied to hacked remote access accounts that POS service providers use to remotely manage the devices.

Wednesday’s story about a point-of-sale botnet that has stolen at least 1.2 million credit cards from more than 100 Cici’s Pizza locations and other restaurants noted that Cici’s point-of-sale provider believes the attackers in this case used social engineering and remote access tools to compromise and maintain control over hacked cash registers.

Once the attackers have their malware loaded onto the point-of-sale devices, they can remotely capture data from each card swiped at that cash register. Thieves can then sell the data to crooks who specialize in encoding the stolen data onto any card with a magnetic stripe, and using the cards to buy gift cards and high-priced goods from big-box stores like Target and Best Buy.

If the financial institutions are reporting even greater amounts of fraud than even Target or Home Depot this means more than 40 million cards have been compromised.  Keep in mind Target was breached through a third party vendor who had remote access to their network through a VPN to allow this vendor to control some target stores HVAC systems.  The third party vendor had poor internal security.  However, Targets internal security was also poor.  The HVAC vendor was infected which infected Target.  Due to poor network segmentation that malware then allowed other parties to make it form HVAC to their POS systems which lead to the massive breach.

 

If you do not have a dedicated IT staff or you are not sure if your technology vendor really has your network security in mind, contact ETC Maryland immediately to protect yourself from the liability of a data breech.  This is doubly true if you have  POS system inside your building.