Back in March, US restaurant chain Applebee’s announced that a malware attack left payment card information exposed on point-of-sale (POS) systems across more than 160 of their restaurants, although we can't confirm any of the five Dallas locations were affected. The attack was carried out over at least a month and also struck several other American businesses, including the Intercontinental Group and the Hard Rock Hotels and Casinos franchise.
These attacks show an alarming rise in hackers going after vulnerable systems used for making payments, which work by installing malicious software on a POS system to read and relay payment information stored in the device’s memory. Here are a few things your business can learn from these data breaches before it’s too late:
#1. Get the Word Out Fast
If you believe your systems have been compromised, the first thing you need to do is notify the authorities. Disclosing a data breach is a legal requirement in the US and failing to do so can lead to enormous fines. As tempting as it is to downplay the severity of a breach, it's also essential for the sake of your reputation and customer relations that you be transparent. A data breach can do untold damage to your company, but things will be exponentially worse if you’re not honest with your customers.
#2. Update Your Systems
Many businesses take their POS systems for granted. However, just because they appear to be doing their job just fine doesn’t mean they’re invulnerable to an attack. If your hardware or software is no longer supported by the manufacturer, for example, critical security updates won't be released to protect it from the latest cyberattacks. Not only should you immediately replace systems that are no longer supported, you will also need to ensure newer systems are continually updated to patch any potential vulnerabilities.
#3. Implement Network Defenses
Keeping your systems updated is one thing, but your first goal should be to prevent malicious software and hackers from entering your network in the first place. That’s why every business should implement additional layers of security in the form of intelligent firewalls that recognize never-before-seen threats. Just like desktop computers, POS systems need to have the latest antivirus installed, and you should use full, end-to-end encryption to make data transmitted between the device and the internet unreadable.
#4. Reinforce Your Security Policies
The threat landscape is changing all the time. New technologies introduce new vulnerabilities and exploits while manufacturers cease supporting older devices, thus leaving them vulnerable too. The most dangerous threats are the ones that appear from nowhere, catching people off guard. Every business needs to approach cybersecurity as a constantly evolving and dynamic strategy in which security policies are regularly reviewed and staff are kept informed about the latest threats.
#5. Improve Your Staff Training Procedures
The Applebee’s breach is just one of the latest in a long line of attacks on vulnerable POS systems, and it certainly won’t be the last. Fortunately for your business, every successful cyberattack (that doesn’t target you directly) also presents a learning opportunity to keep your organization safer in the future.
Sure, your employees might not be technology experts themselves, but that doesn’t mean they shouldn’t be aware of your security policies and the reasons they exist. To reduce your chances of becoming the next victim, be sure to regularly train your staff and get security experts on your side so that you’re ready for the next big threat.
Protecting your business from digital threats is a lot more complicated than it used to be. That’s why Qoverage is here to help with cutting-edge network security solutions that are available morning, noon, and night -- 365 days a year. Contact us today if you want to make technology work for you rather than against you.