The Christmas system attacks at Target (Dexter virus) two years ago and increased “skimming” techniques at a number of data terminals around the US and other countries merit an updated and vigilant approach to safe-guarding POS systems. To prevent unauthorized access and increase the security of POS systems, the following best practices should be followed by owners and operators:
Use Unique Account Names and Strong Passwords: On initial setup, installers often use the default or simple account names and passwords. These can be easily attained by cybercriminals. Use complex account names and passwords – case sensitive – which includes convoluted variations. For example, from one of Superman’s Enemies: MisterMxyzptlk (which is quite arcane and relatively unknown) and a password such as: R&t)L$/Gs*. In addition, business owners are advised to change account names on a regular basis.
Install Software Applications Updates: Just as the use of a computer, the updates are there for a reason and required, many applications and patches are required for security. Timely installation of any updates are critical to ensuring the POS system against any malware attacks.
Firewall Installation: To protect the POS system from outside attacks, Firewalls should be installed and utilized. There are a plethora of nasty’s out there including hackers, worms, viruses, and other forms and types of malware which are specifically designed to compromise a POS system. Firewalls prevent unauthorized access to – or from – a private network by screening out traffic.
Use of Antivirus: Restricting malware’s access to POS systems, antivirus programs function to recognize and block malicious malware from infiltrating the system. The owner should install any updates on an immediate basis, since most antivirus programs work by continual “definitions” and identifications.
Restrict Access to Internet: General internet use on POS systems can accidentally expose the computers or terminals to security threats. While some POS systems use Web-based applications for sales (such as fuel pumps, etc.), users should be restricted access to browsing, emailing, etc. The only usage should be in relation to POS-related activities
Disallow Remote Access: The owner or administrator of the POS system should disallow/disable the use of any remote access to the system. Remote access allows any user to log-in without being physically present. Cyber criminals can exploit the configurations of POS systems through remote access and gain access to these networks.