Last week, we talked about the RawPOS malware that has been affecting Windows-based point-of-sale devices, and we passed along some tips for upgrading and guarding against such attacks on you and your customers.
This week, we finish up our “pointers” for helping you keep all your gear secure. Here are both “the basics,” and a little beyond the “basics,” to maximize transaction security:
- Strong passwords: It’s hard to overemphasize how important, and how routinely overlooked, this step is. Perhaps you saw our recent blog post about hacked voting machines. Passwords used were things like “admin” and “abcde.” Don’t let these be your passwords.
- Unique passwords for every system: Not just your POS systems! The other “Achilles heel” is thinking a password is so unique, it should be used for everything! Once a single password is hacked, the “password” then becomes a “passport.”
- Keep “Users” and “Admins” separate: Generally speaking, don’t allow every user to be a local “Admin” on POS systems. Keep those logins — and that access — separate.
- Got good passwords? Now Change ‘em! Yes, we know. You didn’t want to have to think about passwords this much. You’ve got good ones. Now change — or at least tweak — them, every 90 days or so.
- Let POS be POS: Make sure your POS devices serve only for point-of-sale. Hazards and hackery increase if POS machines are also used for other systems.
- Keep the OS Updated — and “O’ing!”: Make sure your Operating System keeps Operating at its best, and most secure, by installing all updates and patches as they’re available.
- Restrict permissions and access: Consider disabling file sharing, or at least restricting permissions on Windows file sharing and remote access services.
- Promote security awareness: This last is a little more ephemeral. There’s not a specific thing to do, but rather many things — all depending on the size of your company and workplace, and the ways information is shared. Don’t just keep security as an “IT” issue. Share information like this blog post — and anything similar — so that everyone is up to date on being as “breach-free” as humanly — and as digitally! — possible.
Not that your IT crew doesn’t work hard. In fact, you can get an alert from Visa on RawPOS malware, too. That includes hash values allowing you to compare system files and detect “disturbances in the force,” as it were. Or at least files that shouldn’t be there.
However, the coding included in the alert is best left to the good offices of those IT folks. But the Visa PDF could be handy if you’d like your IT Dept. to undertake an overview of your POS security at the present moment.
You can find the file right here, if you’re ready for that security review.
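For the IT crew, here is what that hash comparison can look like in practice. This is an added example, not code from the Visa alert or the original post; it assumes the alert’s values are MD5, SHA-1 or SHA-256 hex digests (told apart by length), and the sample list inside `demo()` is constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}  # hex length -> algorithm

def load_indicators(lines):
    """Group hex digests by algorithm; skip blanks, comments and junk."""
    wanted = {}
    for line in lines:
        token = line.split("#", 1)[0].strip().lower()
        algo = ALGO_BY_HEX_LEN.get(len(token))
        if algo and all(c in "0123456789abcdef" for c in token):
            wanted.setdefault(algo, set()).add(token)
    return wanted

def file_digests(path, algos, chunk=1 << 20):
    """Read a file once, in chunks, and hash it with every algorithm needed."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}

def scan(root, wanted):
    """Return (matches, unreadable) for every file under root."""
    matches, unreadable = [], []
    for folder, _dirs, names in os.walk(root):
        for path in (os.path.join(folder, n) for n in names):
            try:
                digests = file_digests(path, wanted)
            except OSError:  # locked or access denied: review by hand
                unreadable.append(path)
                continue
            matches += [(path, a, d) for a, d in digests.items() if d in wanted[a]]
    return matches, unreadable

def demo():
    """Constructed sample: a harmless stand-in file whose hash we list ourselves."""
    data = b"constructed sample, not malware"
    with tempfile.TemporaryDirectory() as root:
        Path(root, "stand-in.bin").write_bytes(data)
        Path(root, "ordinary.txt").write_bytes(b"receipt footer text")
        alert = ["# constructed list, not from the Visa alert",
                 hashlib.sha256(data).hexdigest(), "not-a-hash"]
        matches, unreadable = scan(root, load_indicators(alert))
        return [(os.path.basename(p), a) for p, a, _ in matches], unreadable
```

On a real terminal, pass the alert’s hash list to `load_indicators()` and point `scan()` at the POS software and system folders; files that land in the unreadable list were locked or access-denied and deserve a manual look.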
Summer beckons: Graduations, celebrations, travel. Your customers will be busy, and buying. Help them do it securely.
See you in a week!