Don't Allow Your POS To Be A Victim Of A Hack Attack

North Country Business Products, a point-of-sale (POS) terminal and network provider in Minnesota, recently announced that a "data security incident" earlier this year disclosed customer information ranging from credit card holder names and numbers, to expiration dates and CVVs. The hack occurred at more than 120 of its restaurant customers located across the Midwest and West regions.

Unfortunately, this is a scene that's playing out at businesses all too often across the world. There are specific vulnerabilities facing POS systems for restaurants and other small businesses, and it's imperative for operators to guard against such threats.

Francis Dinha, CEO of OpenVPN and POS security expert, offers the following insight on POS system security:

What is it about POS systems that makes them so attractive to hackers?
POS systems are particularly attractive to hackers because they offer a major payoff with relatively little work. These systems contain some of the most valuable consumer information out there -- financial, business, and credit -- and often, a hacker needs only to break through a single point of vulnerability on a POS system in order to access this expansive trove of data.

What makes them so vulnerable to attacks?
POS systems come with a lot of vulnerabilities, not the least of which is how infrequently they're updated. Many companies avoid updating their POS systems to avoid the hassle, which leaves those systems unpatched and exposed to attacks. Plus, POS systems are often connected to a weak network; that is, they're often connected to the same network that all your other applications are on. This means that if any application becomes compromised, your POS system is equally compromised. These vulnerabilities, combined with the relatively lucrative payout this kind of attack offers, make POS systems unfortunately prone to attack by malicious actors.

What kinds of attacks are regularly launched against POS systems?
Malware is a common strategy used to compromise POS systems, especially since many systems run on a common OS like Windows or Linux -- which means they can often be affected by malware specifically designed for those OS's, especially if they're not updated. That kind of malware packaging is, unfortunately, all too readily available to malicious actors. After the hacker has access to the system, phishing is another common tactic of further extracting valuable information, so educating your team on the risks and signs of phishing can be a valuable way to mitigate that risk.

How should owners guard their POS systems against attack?
First of all, make sure your network and OS are always up to date. Don't put off patches or updates for the sake of budget or convenience. These are absolutely essential. Second, make sure you change all passwords from the default. This might sound simple enough, but especially when it comes to IoT (Internet of Things), users often leave hardware with the original, default password that's relatively simple for hackers to crack. Lastly, make sure your POS system is on a separate network than the rest of your business through tools like a verified virtual private network that keep the data separate from the rest of your online activity. The more points of access you have for your POS systems, the more they're at risk -- so minimize that risk with a completely separate network.