Keeping hackers out of your POS!

Michael McKinnon, Security Advisor for AVG, shares his tips for staying secure in retail and POS environments, so retailers can protect themselves from cybercrime.

Published in: Business, Technology

  1. AVG.COM.AU AVG.CO.NZ
     Keeping the hackers out of your POS!
     Michael McKinnon, AVG Security Advisor
  2. What are we looking at today?
  3. Quick Overview
     1. The Problem
     2. Attack Vectors
     3. Types of Attacks
     4. Solutions
  4. The Problem
     Unlike shoplifters, cybercriminals set up camp and stay there, stealing from retailers for extended periods of time.
  5. PC based POS systems
     • They are cheap, efficient and can be used for multiple purposes
     • However, the PC has become the POS security “battleground”
  6. Data breaches are still too easy!
     Source: Verizon Data Breach Investigations Report 2012
  7. Offline retail is the biggest cybercrime target
     Australian Retail Spend: Offline Retail 96%, Online Retail 4%
     Source: NAB Online Retail Sales Index – July 2012
  8. Infiltration of POS transaction data
     There are lots of examples in the news…
     Source: www.cio.com.au/article/436663/two_romanians_plead_guilty_point-of-sale_hacking/
  9. Attack Vectors
     There are 6 ways cybercriminals can gain entry into your retail business…
  10. #1. Default passwords
     The user manual says: “Step 1. Change the default password”
     BUT, it is far too common that these are not changed, or they’re changed to someone else’s “default” password (which is widely known)
  11. Which password is the most secure?
     1. E56#av+Yb!
     2. Password123
     3. aaaaaAAAAA#####43
     4. 123456
     5. lucasjames
  12. Answer: aaaaaAAAAA#####43
     But why?
     • 17 characters in length
     • Contains upper and lowercase letters
     • Contains numbers
     • Contains a symbol
     • There are 37 thousand billion billion billion possible combinations!
     Learn other tips for creating a secure password here.
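Worked example of the arithmetic behind the slide's answer, added here and not taken from the slides. It ranks the five candidates by the number of combinations an attacker would have to cover when guessing over the character classes the password actually uses. The symbol class is assumed to hold 10 symbols (26 + 26 + 10 + 10 = 72 characters), because that is the alphabet size that reproduces the slide's figure of roughly 3.7 × 10^31 for a 17-character password; a real symbol pool is larger, which only widens the gap. It also flags candidates that appear on a small constructed list of widely known default passwords, since a password such as Password123 has a respectable nominal keyspace but sits at the top of every guessing list.

```python
import math
import string

# Character classes with the sizes used for the keyspace calculation.
# The 10-symbol class is an assumption chosen to match the slide's figure;
# the membership test uses the full set of printable punctuation.
CLASSES = {
    "lower": (set(string.ascii_lowercase), 26),
    "upper": (set(string.ascii_uppercase), 26),
    "digit": (set(string.digits), 10),
    "symbol": (set(string.punctuation), 10),  # assumed 10-symbol class
}

# Constructed sample of widely known default passwords (not from the slides).
COMMON_PASSWORDS = {"123456", "password", "password123", "admin", "letmein"}


def alphabet_size(password):
    """Sum of the sizes of the character classes the password actually uses."""
    size = 0
    for chars, class_size in CLASSES.values():
        if any(c in chars for c in password):
            size += class_size
    return size


def keyspace(password):
    """Candidates an attacker must try to guarantee a hit when guessing over
    the same character classes and length (alphabet size ** length)."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password):
    """Keyspace expressed in bits; math.log2 accepts arbitrarily large ints."""
    return math.log2(keyspace(password)) if password else 0.0


def assess(password):
    """Keyspace plus a check against known weak passwords: a large keyspace
    means nothing if the password is on the first wordlist an attacker tries."""
    return {
        "password": password,
        "length": len(password),
        "keyspace": keyspace(password),
        "bits": round(entropy_bits(password), 1),
        "common": password.lower() in COMMON_PASSWORDS,
    }


def strongest(candidates):
    """Candidate with the largest keyspace among those not on the common list."""
    viable = [assess(p) for p in candidates if not assess(p)["common"]]
    return max(viable, key=lambda r: r["keyspace"])["password"]


if __name__ == "__main__":
    slide_candidates = ["E56#av+Yb!", "Password123", "aaaaaAAAAA#####43",
                        "123456", "lucasjames"]
    for row in sorted((assess(p) for p in slide_candidates),
                      key=lambda r: r["keyspace"], reverse=True):
        print(f"{row['password']:<20} len={row['length']:>2} "
              f"keyspace={row['keyspace']:.2e} bits={row['bits']:>5} "
              f"common={row['common']}")
    print("strongest:", strongest(slide_candidates))
```

The point the table makes is the slide's: length dominates. Seven extra characters of a lower-case-only password add more to the keyspace than swapping a few letters for symbols, and the two entries with the largest nominal keyspace per character (Password123, 123456) are still discarded because they are guessed first.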
  13. #2. Remote desktop access
     • Convenient and very common for providing remote support
     • But, often poorly implemented with weak passwords
  14. #3. Insecure wireless networks
     • Wireless networks are convenient in retail environments, however when they’re poorly configured, they represent a huge security risk
     • Data packets can be “sniffed” by nearby attackers
  15. #4. Phishing, spear phishing & whaling
     • Phishing is the sending of specially crafted emails to trick users into divulging sensitive information. For example: “Click here to see the details of your order” –> (login page)
     • Handling email in a retail setting can be very dangerous!
  16. #5. Social engineering
     • Social engineering means that gaining access to someone’s computer only needs to be as hard as gaining their trust!
     • What do you give for a 10th wedding anniversary…? “I could have got her to click on anything I wanted!”
     • It’s about customer service vs customer honesty
  17. #6. Physical disclosure
     • Modern retail layouts often remove the traditional counter, exposing equipment to theft or tampering
     • Disclosure of the makes and models, or other identifying labels, can also compromise retailers
     • Physical loss is the no. 1 risk for secure mobile devices
  18. Types of Attack
     Malware and hacking are the most common attack methods used by cybercriminals.
  19. Common types of attack
     Source: Verizon Data Breach Investigations Report 2012
  20. Malware & Trojans
     • Common varieties that cause general havoc include Fake Antivirus & ransomware
     • Retail / POS specific: “RAM scrapers” (designed to exfiltrate transaction data)
     • Remote control Trojan or Rootkit (designed to remain hidden for future access)
  21. Hacking
     • When combined with custom written malware, hacking is highly targeted and designed to avoid detection and remain in place for a long time
     • In 2011, Verizon reported that 81% of incidents utilised some form of hacking
  22. Solutions
     You may be surprised that security solutions are often simple and inexpensive.
  23. The solutions are NOT expensive
     Source: Verizon Data Breach Investigations Report 2012
  24. Tips & suggestions
     1. Use strong passwords and change the default ones
     2. Secure remote access with strong authentication
     3. All wireless networks should use “WPA” or “WPA2”
     4. Avoid spam email: use an Anti-Spam solution
     5. Increase staff awareness of social engineering tactics
     6. Use endpoint protection on every device (antivirus and anti-malware): AVG is a good choice!
  25. Follow the money
     • Cybercriminals tend to “follow the money”
     • This means the types of attack are often predictable:
       • Credit card data
       • Private customer information
       • Refund / returns policy
       • Bank accounts
       • Financial processes
  26. Talk to your IT provider & stay in the loop!
     • Ask them: “How are you keeping us secure?”
     • Sign up to vendor notification / update lists
     • Every six months, do a proper review of security
  27. Thank you!
     For even more information on retail security, visit: avg.com.au/POS
     facebook.com/avgaunz
     avg.com.au
     avg.co.nz
     twitter.com/avgaunz