Tips for Making Your POS System Less Vulnerable to Cyber Attacks


January 2019


In just the last few years, the retail and hospitality industries have been prime targets for a multitude of cyberattacks. Point of sale (POS) systems have been particularly vulnerable, with debit and credit card readers being targeted in an effort to steal confidential financial information. While some of the most well-known victims of cyberattacks on POS systems have included Target and Home Depot, restaurant chains Chipotle, Chili's, and Applebee's were also affected recently as a result of malware.

According to recent research from Symantec, the data on those POS systems is fetching top dollar on dark net marketplaces: “Threat actors are advertising access to POS systems at prices ranging from $12 for administrative access to one POS machine, to $60,000 for access to a large corporate network containing thousands of POS servers and terminals. Meanwhile, depending on its quality, payment card data on the dark web retails for between $1 and $175 per card.”

It’s not just large businesses that are at risk. Small business owners are just as vulnerable when it comes to malware on POS systems. When such an attack occurs, it can significantly erode consumer confidence in the safety of financial information at POS terminals, eventually affecting sales.


Steps to Prepare for and Reduce Your Risk of Exposure to a POS Cyberattack

While the increase in cyberattacks on POS systems can certainly be worrying to business owners, the good news is that there are steps that businesses can take to keep cyber criminals from obtaining access to confidential financial data. A study by Accenture states, “Malware and web-based attacks are the two most costly attack types — companies spent an average of US $2.4 million in defense.”

One of the first and most important steps that businesses can take to protect their POS systems from cyberattacks is to use layers of defense. The Target breach, among the most widely publicized, began with an attacker using valid login credentials that had previously been issued to an HVAC vendor. Whether the vendor shared those credentials inadvertently or willingly remains unclear.

The bottom line is that the login was authorized and authentic, thus giving the hacker the ability to attack the network with no resistance. While Target had an alerting system set up, it failed because both the login and the password used were on the approved list. For this reason, it is important not to rely on a single point of evaluation to protect your system. Closing every possible security gap is essential to ensuring the highest level of protection and preventing your POS system from becoming vulnerable to cyberattacks.

Begin by making certain that you have an incident response plan in place and that it is tested on a regular basis. In the event that you do become the victim of an attack, you want to make sure you are able to respond quickly and appropriately. Doing so can help mitigate damage and prevent customers from losing confidence in you.


Research Your Vulnerability to a POS Attack

Take the time to perform a sensitive data audit to learn which kinds of confidential and sensitive data exist on your network and how many instances of each there are. This could include personally identifiable information as well as credit card data.

After performing the audit, be sure to remove any instances of sensitive data that are not authorized, thus minimizing your system’s exposure to risk. According to Accenture, “The most expensive component of a cyber-attack is information loss, which represents 43 percent of costs.”

While the number of cyberattacks on POS systems has been on the rise of late, taking a proactive approach can help you protect your business and your customers from would-be hackers.