In a little bit of irony, a few days after the Hospitality Technology website ran an article called “3 Lessons on POS Security,” gleaned from the safe practices and hard won lessons of various hotels, came word that the Dallas-based Omni Hotel chain was hit by a breach that may affect upwards of 50,000 customers, at 49 of its 60 locations.
According to the Dallas Morning News, “several forms of personal payment information were taken during the malware attack, including credit and debit card numbers, cardholder names, security codes and expiration dates. Debit card PINs and customer contact information was not revealed during the breach.
“The company has not said which of its North American locations was affected. There is no evidence the breach impacted the company’s online reservation system, which means only customers who used their cards at the register would be affected by the hack.”
Evidently, then, the folks at Omni weren’t deploying some of the very tips touted at the HT website — yet tips so good, they can apply to pretty much any retailer, including you!
For example, according to the article, one reason POS devices so easy to hack is that “many of them use the Windows XP Embedded operating system (OS), which Microsoft barely supports. Although the support of Windows Embedded POSReady 2009 has been extended till 2019, it doesn’t receive regular security updates, nor is it compatible with many modern anti-malware solutions. As long as companies have these legacy POS systems in place, they will remain wide open for attack.”
The fix, then, would be to actually upgrade any OS’s in your POS devices that haven’t been, yet. Need help in that department? Just get in touch with your AVPS Representative!
Among HT’s other tips:
- Use strong passwords! “Obviously,” HT says, “cracking a simple password is one of the easiest and quickest methods of a cyberattack. For this reason it’s vital for organizations to enforce a strong password policy, which would include requirements for two-factor authentication and regular password changes, especially for the administrator accounts on operating systems and POS applications.”
- Know, like the Marvin Gaye song, “What’s Going On” Make sure, HT reminds us that “you know who has access to POS service accounts used for maintenance and configuration changes. Restrict administrator access only to the systems over which they require control to perform their duties. Regularly check that the access to POS systems is limited to certain individuals.” And of course, monitors systems for unusual activities, suspicious “spikes,” etc.
One of our correspondents, meanwhile, will be in the Texas area toward the end of the month. If we see any unsecure POS devices on the road, we’ll let you know.
But get everything you and your customers use upgraded and secured right now, through AVPS.