Point of Sale Breaches - why do we insist on making them so easy?

By Ron Culler, CTO, Secure Designs Inc.

Every day we hear of yet another retailer that has experienced an embarrassing breach or data exposure. Target, P.F. Chang's, Goodwill, Supervalu, Michaels, UPS Stores, Home Depot, eBay, Equifax, Marriott: the list could go on and on.


These attacks are not necessarily the work of criminal masterminds but are often just opportunistic crimes, casually committed by would-be hackers who are trawling for an easy entry point to any network – it doesn't matter which.


It's the equivalent of the guy casually walking through a parking lot, checking car doors to see which ones are unlocked or don't have alarms. If pickings are slim in one lot, they move to the next. That's what's happening to retailers. Hackers scan for unsecured remote access applications or use remote access malware, and if they don't see anything promising, they move on to the next block of addresses. And if that doesn't work, no worries: there are always a few billion other address blocks they can check.


Yes, we can blame the retailers to a large extent, but really these breaches represent a collective carelessness for which we are all responsible. Far too many people leave their networks unprotected and their online access unlocked. It's just my home computer, you say? In fact it's a gold mine of information just sitting there to be taken, and much of that information belongs to people other than you – friends, family, colleagues, your place of employment. The bad guys are always there, simply helping themselves to what's available. If a zookeeper doesn't shut the door to the tiger's cage, it's sad but not surprising if someone gets hurt.


With cars or buildings you take care not to leave doors or windows open, close the blinds to prevent snooping, set an alarm and ask a neighbor to watch out for suspicious activity if you're not around. Why wouldn't you do this, or the easier electronic equivalent, for your most important asset – your data?


It doesn't have to be this way. Whether you are self-employed, a small business owner, or a supplier to a larger business, all that's needed is to take some easy security steps that remain the best form of protection despite the changing nature of cyber threats. The three simple rules are:


1. If the world doesn't need to see it, put it behind an encrypted private network (VPN) connection.

2. If the computer only needs to talk to a limited number of systems or locations on the Internet, restrict access to those systems only.

3. Keep a watchful eye on your own network. Does anything seem out of the ordinary? Check it out, fast.
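
The rules above can be checked mechanically. The following Python is an added example, not part of the original article: it audits connection records for one point-of-sale terminal against the few destinations it needs and reports anything else, including inbound connections that do not arrive over the VPN. The addresses, the VPN subnet, the record format and the function names are assumptions constructed for illustration.

```python
import ipaddress

POS_IP = ipaddress.ip_address("10.20.0.15")        # assumed POS terminal address
VPN_NET = ipaddress.ip_network("10.8.0.0/24")      # assumed VPN client subnet (rule 1)
# Assumed allowlist: the only destinations this terminal needs (rule 2).
ALLOWED = [
    (ipaddress.ip_network("203.0.113.10/32"), 443),  # payment processor
    (ipaddress.ip_network("198.51.100.0/28"), 443),  # update servers
    (ipaddress.ip_network("10.20.0.53/32"), 53),     # internal DNS
]

# Constructed records, one per line: "direction src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
out 10.20.0.15 203.0.113.10 443
out 10.20.0.15 10.20.0.53 53
in 10.8.0.5 10.20.0.15 22
in 192.0.2.77 10.20.0.15 3389
out 10.20.0.15 192.0.2.200 21
out 10.20.0.15 198.51.100.4 443
bad line
"""

def is_allowed(dst, port):
    """True if (dst, port) matches an allowlist entry."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net and port == p for net, p in ALLOWED)

def audit(flow_text):
    """Return (line_number, finding) for every record that breaks a rule (rule 3)."""
    findings = []
    for n, line in enumerate(flow_text.splitlines(), 1):
        parts = line.split()
        try:
            direction = parts[0]
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
            port = int(parts[3])
        except (IndexError, ValueError):
            # A record we cannot read is itself out of the ordinary.
            findings.append((n, "unparseable record"))
            continue
        if direction == "in" and dst == POS_IP and src not in VPN_NET:
            findings.append((n, f"inbound from {src} to port {port}, not via VPN"))
        elif direction == "out" and src == POS_IP and not is_allowed(str(dst), port):
            findings.append((n, f"outbound to non-allowlisted {dst}:{port}"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_FLOWS):
        print(f"record {lineno}: {finding}")
```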

It may sound complicated, but it's not. Few of us are security experts and, for the less technically inclined, the simple and affordable option is to appoint a micro or small business managed security provider to do it for you. For a surprisingly small monthly sum, they'll set up your system to repel all hackers, put your private information behind a strong firewall, and make sure that you're informed about any attempts to hijack your online data. It's the online equivalent of a comprehensive physical security system, managed 24-7-365.