With the holiday shopping season fast approaching, the last thing retailers need is to worry about their payment security and whether they—and their customers—could become the victims of a breach. The threat is, and always will be, there. Take a peek at the Breach Level Index for a sobering look at some statistics.
Thankfully, your clients don’t have to become victims listed on the Breach Level Index. Indeed, there are some best practices you can follow that will keep retailers and their customers safe. Now is the perfect time to work through this holiday payment security checklist and prepare your retailers for the shopping season.
- Perform a network assessment. Use assessment tools to identify new hardware and software running on the network. Take the opportunity to identify unknown equipment and remove any old equipment that doesn’t need to be on the network.
- Ensure antivirus and antispyware are installed and up to date on all necessary devices.
- Ensure Wi-Fi is secure.
- Ensure a firewall is in place. Identify all open ports and ensure only necessary ports are open.
- Perform intrusion detection and penetration testing on the network. Once you think the network is secure, run a test with tools that simulate an attack.
- Ensure POS software is patched and updated. Check with software vendors concerning the latest patches, known issues and upcoming releases.
- Ensure operating systems and browsers are patched and updated.
- Double-check passwords. Ensure that administrative passwords aren’t set to default and that your customers avoid weak passwords. Consider enforcing a password change across all users and systems now.
- Teach email security basics. Social engineering techniques such as email phishing schemes have an unfortunately high success rate. Teach your customers what to look for in a legitimate email and best practices for identifying potentially harmful messages and links.
- Prevent unauthorized access to payment devices. Ensure mobile tablets and payment terminals are securely stored when not in use to prevent tampering.
- Ensure tablets are in their most secured state. USB debugging mode should be disabled, and rooted devices shouldn’t be used at all. All software security patches should be installed.
- Ensure that only trusted software and apps are installed. Ask what minimum software is needed to support business operations and take payments. Anything else can be disabled or removed.
- Disable any communication capabilities not necessary for the functioning of the payment device. For example, if your customers don’t accept NFC payments, disable the functionality. However, you should probably encourage your customers to accept mobile wallets before turning off that functionality.
- Replace old, outdated equipment. Now’s a great time to identify old hardware and software that could cause slowdowns or, worse, downtime during peak shopping times. Be sure to dispose of old equipment properly to keep it out of the hands of criminals.
If any of these actions are outside your comfort zone, Ingram Micro can help. Contact Daryl Schuster to learn more about POS hardware, software, payment devices (mobile and traditional), network assessments, security and more.