During the holiday season, an inevitable shopping fever takes hold, commanding the attention of buyers and retailers alike. Cybercriminals and scammers take advantage of the focus on retail, so if you are a seller, pay special attention to cybersecurity from Black Friday until the end of the holidays.
Point-of-sale (POS) systems have always been a weak spot for chain stores. Their performance requirements for normal operations are low, so they are often based on old computers running obsolete OSes. Their operators are afraid to create additional load by installing a security solution, so the systems are insecure. Meanwhile, POS systems, which work directly with payment cards, naturally attract attackers. According to our annual IT security risk survey, 18% of companies suffered attacks exploiting vulnerabilities in POS systems.
Trojan malware that penetrates your POS systems compromises all of your clients’ payment data. However, Trojans are not the only threat. Malicious software can sabotage the work of automatic cash registers as well. For a large retail facility, this can result in considerable damage, both to finances and to reputation.
Do not forget about distributed denial-of-service (DDoS) attacks, either. They can cause problems not only for your website but also for internal systems, such as POS systems and POS terminals. After all, to complete a transaction, those systems need two-way communication with the bank. So if a DDoS attack overloads your communication channel, payments will simply not be processed.
Phishing mail-outs and websites
Yes, phishing directly threatens your customers, not you. If someone tries to deceive your customers by hiding behind your name, then the customers will lose money. However, phishing can still negatively affect your reputation. In addition, the more money your customers lose, the less they will spend on your goods.
We offer some tips that can be relevant year-round but are particularly important during times of heavy shopping.
- Keep your e-commerce system and operating systems updated, and make sure they do not contain already known vulnerabilities.
- Install effective security solutions on all computers in your network.
- Protect POS terminals with a specialized solution that can work on obsolete equipment.
- Be prepared for DDoS attacks; employ a reliable DDoS-protection service.
- Arrange an audit of your corporate network to detect vulnerabilities.
- Check your site for the presence of online skimmers and weaknesses.
- Recommend that your customers use reliable security solutions that will minimize the threat of phishing attacks.
(From Kaspersky blog).