The Christmas system
attacks at Target (Dexter virus) two
years ago and increased “skimming” techniques at a number of data terminals
around the US and other countries merit an updated and vigilant approach to
safe-guarding POS systems. To prevent
unauthorized access and increase the security of POS systems, the following
best practices should be followed by owners and operators:
Use Unique Account Names and Strong Passwords: On
initial setup, installers often use the default or simple account names and
passwords. These can be easily attained
by cybercriminals. Use complex account
names and passwords – case sensitive – which includes convoluted
variations. For example, from one of
Superman’s Enemies: MisterMxyzptlk (which
is quite arcane and relatively unknown) and a password such as: R&t)L$/Gs*. In addition, business owners are advised to
change account names on a regular basis.
Install Software Applications Updates: Just as the use of a computer, the updates
are there for a reason and required, many applications and patches are required
for security. Timely installation of any
updates are critical to ensuring the POS system against any malware attacks.
Firewall Installation:
To protect the POS system
from outside attacks, Firewalls should be installed and utilized. There are a plethora of nasty’s out there including
hackers, worms, viruses, and other forms and types of malware which are
specifically designed to compromise a POS system. Firewalls prevent unauthorized access to – or
from – a private network by screening out traffic.
Use of Antivirus: Restricting malware’s access to POS systems, antivirus programs function
to recognize and block malicious malware from infiltrating the system. The owner should install any updates on an
immediate basis, since most antivirus programs work by continual “definitions”
and identifications.
Restrict Access to Internet: General internet use on POS systems can
accidentally expose the computers or terminals to security threats. While some POS systems use Web-based
applications for sales (such as fuel pumps, etc.), users should be restricted
access to browsing, emailing, etc. The
only usage should be in relation to POS-related activities
Disallow Remote Access: The owner or administrator of the POS system should disallow/disable the
use of any remote access to the system.
Remote access allows any user to log-in without being physically
present. Cyber criminals can exploit the
configurations of POS systems through remote access and gain access to these
networks.