Posts Tagged ‘Enhance IT Security’

New Form of Malware Catching Retailers Off Guard

Monday, August 25th, 2014

Last week, UPS announced that 51 of its stores were infected by point-of-sale (POS) malware that has been affecting other retailers across the U.S. In total, UPS estimates that approximately 105,000 POS transactions were compromised in the data breach, leaving many customers’ financial and contact information exposed and increasing their risk of identity theft and fraud.

POS malware, known as Backoff, was identified last week as having targeted a New Orleans restaurant, a much smaller retailer than UPS. On July 31, several government agencies sent out an alert about Backoff. The alert explained the risks that Backoff posed to U.S. businesses, including smaller merchants, and that this new form of malware was found to infect POS systems via access to a remote-access portal.

And just a few days ago, the U.S. Secret Service announced that an estimated 1,000 businesses have been infected by Backoff. Now the Department of Homeland Security is encouraging all businesses – no matter the size – to scan their POS systems to check for a possible compromise.

While these recent incidents may not affect you or your business directly, the discovery of this new form of malware should cause you to stop and assess your business’s IT security situation. Do you have the right security protocols in place to protect your business – and your customers – from a potential data breach?

How To Protect Your Business From A Data Breach

Your mind may be far from thinking about your business’s IT environment. You’re probably focused more on the day-to-day operations of your business and serving your customers. But think of protecting your business’s IT environment as one way of serving your customers. By protecting your IT systems, you are helping ensure that your customers’ personal and financial data is safe. Here are some ways you can protect your business’s IT environment:

  • Use End Point Protection monitoring to verify that all workstations are current on their virus definition files and OS patches.
  • Make sure all servers are patched with the most current operating system security patches.
  • Employ a vendor to complete penetration testing to find any open avenues to your network.
  • Consider implementing Intrusion Detection Systems (IDS) or Security Information & Event Management (SIEM) applications. Many companies utilize IDS/SIEM to monitor their incoming and outgoing network traffic. If the expense is too great or you don’t have qualified personnel, then consider a vendor to provide the service. Many vendors provide these services at a very reasonable price.
  • Review the Mitigation and Prevention Strategies in the Department of Homeland Security’s July 31, 2014, announcement of the Backoff malware.

The Cost of Protecting Your Customers

What cost is too much to protect my customers’ data? Only you can answer this question. UPS and the restaurant have chosen to pay for identity theft and credit monitoring services for customers who may have been affected by their data breaches (a data breach-related expense many companies don’t consider). But take that one step further. What cost is too much to protect my business’s reputation? In order for your company to survive in today’s digital world, it’s critical for your business to cultivate a culture of trust with your customers. Many businesses find that they’ll do what it takes to prevent security breaches. What will you do?

Want more IT tips? Check out other articles that provide best practices on how to secure your business’s IT environment.

Author: Joe Welker, CISA (New Philadelphia office)

Related Articles:

8 Tips For Crafting A Strong Password

Do You Know Who Has Access To Your IT Network?

How Can I Protect My Business From A Data Security Breach?


Do You Know Who Has Access To Your IT Network?

Thursday, March 20th, 2014

You may find that your business relies heavily on the technical support provided by third-party hardware and software providers. But have you ever considered whether your vendors have direct access to your business’s internal IT network without having to gain permission from someone within your business? If you’re not positive about how to answer, then it’s probably time to do some digging to see if that’s the case or not. It’s possible that your vendor(s) has access to your business’s sensitive data and devices.

How Can You Prepare For The Retirement of Microsoft Windows XP?

Thursday, January 16th, 2014

You’ve probably heard by now about the Target data breach, but just this week other retailer data breaches during the 2013 holiday season have become known. In light of these broad, major data breaches, this is a great time to ask yourself: When was the last time you evaluated your business’s IT network? If this has been an area of your business that you’ve let slide, then let it slide no more!

What Are Some IT Audit Tips That Can Keep You off Santa’s Naughty List?

Thursday, December 19th, 2013

The end of the year is near, and it’s easy to get caught up in the excitement of the holidays. But don’t let that be an excuse to forget about your entity’s security and information technology (IT) operations. As you close out your year, here are seven areas and tips that can help you strengthen and further secure your entity’s IT environment – and keep you off Santa’s naughty list!