Last year Malware-based attacks accounted for roughly a quarter of all successful data breaches, the number one reason was that businesses were neglecting IT security best practices at their retail outlets.
At time of writing, for the past three years, the retail and hospitality sectors have been the worst hit due to the ease in which electronic point of sale (EPoS) systems can be broken into.
You only have to read the comments from Darren Anstee, Global Solutions Architect Team Lead at Arbor Networks to understand the significance of any kind of breach.
"The departure of Target's CIO is further proof that data breaches of this magnitude have the most severe of consequences. A successful attack can attract significant media attention, see heads roll and result in serious reputational damage."
Anstee went on further to say,
"With the threat landscape evolving rapidly, Point of Sale (PoS) malware, such as Dexter, poses an increasing risk to retailers trying to protect their customers' credit and debit card data. It is all well and good Target doing an overhaul of its information security and compliance structure and practices now, but that process should be continuous to keep hackers at bay.
It is vital that organisations consider both mitigation strategies and response strategies, to minimise damage when an attack inevitably occurs. Ensuring that the risk of attacks like the Target one is minimised, will not only protect customer data and organisations' reputations, but also jobs at the top of the tree."
However with several key pieces of software retailers can quickly immunise their PoS systems.
‘Malware’ is used as a catch-all term for software designed to harm the end user. Malware does this in a variety of ways such as; stealing sensitive data, making the computer inoperable, creating pop-ups, spying on your usage habits.
Most of the truly vicious malware are classed as viruses, here are some tips to protect your IT network.
Install antivirus software
Antivirus software on all devices connected to your network is required, including BYOD devices that connect to the server (such as smart phones and tablets).
However antivirus software for smart phones has typically made the phone unusable due to the battery power drain caused by the software. One mobile antivirus software that you should look at is Lookout as it can provide defence without the associated battery problem.
Set up an email filter
Often malware is distributed through e-mail, minimise the risk of this by filtering emails with the file extensions BAT, CHM, COM, EXE, PIF, SCR, SHS,VBS. These files run code that will infect your system so do ensure your IT provider has set up appropriate email filters.
Follow IT security best practices
Create a set of policies that you and your staff will follow such as, always updating programs, changing passwords regularly, and not using work devices to download unverified files.
Spyware and adware are most commonly noticeable using a web browser as they often change the browsers homepage and creates pop-ups on websites where there are usually none. Spyware is, as the name would suggest, software designed to spy on the end-user. A device infected with spyware will transmit data to another remote user, this data can range from browser history to individual keystrokes, bank and credit card details.
Here are some tips to defend against Spyware:
- Don’t click on pop-ups: When faced with an unexpected pop-up many of us quickly click ‘yes’ or ‘accept’ to get rid of the pop-up instead click ‘no’ or ‘decline’ or look for the cross to close the window
- Research before you download: The internet is great for finding free software solutions, however before downloading the software make sure that the program is legitimate by searching for reviews
- Install anti-spyware software: There are a number of free anti-spyware programs and plug-ins out there. Install an ad blocker for your browser to prevent pop-ups and install a program like Spybot: Search & Destroy which will immunise your system
Protecting an IT network from Malware is a simple task however, many businesses are not using their knowledge of IT security in their retail environment.
As the consumers shopping experience blurs further with the online experience IT security in the retail environment is paramount to the continued success of a retailer.