5 Lessons to Learn from a Restaurant POS Security Breach
With all of the day-to-day responsibilities that come with operating a restaurant, it’s easy to forget about the security of your establishment’s POS system. With POS security breaches due to hackers and malware on the rise, restaurant owners, operators, and managers must be as vigilant as ever to protect their business and customers from a data security breach.
Here are five lessons we can learn from a restaurant POS security breach:
Lesson 1: Endpoint Security Matters. Any POS terminal with an IP address and a connection to a business’s network is as vulnerable to compromise as all the other pieces of equipment in that network. So, too, is any standalone POS terminal that links directly to the internet.
That’s why every retail endpoint security management plan must take POS security into account and include provisions for guarding access to data maintained in the POS system. What’s endpoint security management? In a nutshell, it’s a policy-based approach to network security in which endpoint devices —including POS systems, tablets, laptops, and smartphones—must comply with specific criteria before they can connect to the network. Endpoint security software should also extend to cover POS terminals.
Lesson 2: You Can’t Neglect POS System Security. Many POS security experts will tell you that POS devices are typically where you’ll find the highest volume of vulnerabilities to data breaches, including credit card data breaches.
Common mistakes when it comes to maintaining optimal POS Security in a restaurant environment include: the use of weak passwords, no passwords, or passwords that have remained unchanged for many months or even years; overlooking necessary software patches; the configuration of back-of-house servers for remote access that allows POS terminals to be used for purposes other than handling sales (like playing games and browsing the internet); and failure to utilize address verification (AV) software that detects the presence of memory-scraping malware.
Regardless of why so many vulnerabilities exist, all restaurant and hospitality owners need to take a conscientious approach to password management. Other must-dos include: requiring employees to “get off the computer”—unless it’s for business purposes; establishing a process for managing third-party security; and abolishing the use of programs that are known security risks (a trusted POS vendor can provide you with a list of these easy-to-crack programs, and advise you on how to proceed with necessary software updates).
Lesson 3: Testing is a Big Deal. It’s not only okay to be obsessive about testing your POS systems for vulnerabilities and compromises to; it’s essential. Regular scanning is the most effective way to determine whether your systems are at risk or have already been compromised. If you don’t have the resources to accomplish this in-house, a security vendor can remotely scan all of your external systems access points and assess whether any are vulnerable to intrusion.
Lesson 4: An Incident-Response Plan is Crucial. Some restaurant operators that have been hit with POS security breaches had no idea how to react to them. Don’t follow in their footsteps. Put together an incident response plan that spells out what you consider to be an “incident” and the steps you’ll take to handle it.
Lesson 5: In POS Security, There’s No Rest for the Weary. Difficult as it may be to believe, some operators have become members of the “Serial Data Breach Victims Club.” It goes without saying that if your systems are hacked once, you’ll correct the vulnerabilities—but continued vigilance, even after multiple clean scans—is non-negotiable.
With the expertise of a trusted vendor and a well-laid endpoint security management strategy, you can avoid the common missteps that lead to a POS security breach. If you have concerns about the state of your POS system or are considering an upgrade for your establishment, contact one of the knowledgeable point of sale experts at Leebro POS at 1-888-533-2761.