Last week, UPS announced that 51 of its stores were infected by point-of-sale (POS) malware that has been affecting other retailers across the U.S. In total, UPS estimates that approximately 105,000 POS transactions were comprised in the data breach, leaving many customers’ financial and contact information exposed, increasing their risk of identity theft and fraud.
POS malware, known as Backoff, was identified last week as having targeted a New Orleans restaurant, a much smaller retailer than UPS. On July 31, several government agencies sent out an alert about Backoff. The alert explained the risks that Backoff posed to U.S. businesses, including smaller merchants, and that this new form of malware was found to infect POS systems via access to a remote-access portal.
And just a few days ago, the U.S. Secret Service announced that an estimated 1,000 businesses have been infected by Backoff. Now the Department of Homeland Security is encouraging all businesses – no matter the size – to scan their POS systems to check for a possible compromise.
While these recent incidents may not affect you or your business directly, the discovery of this new form of malware should cause you to stop and assess your business’s IT security situation. Do you have the right security protocols in place to protect your business – and your customers – from a potential data breach?
How To Protect Your Business From A Data Breach
Your mind may be far from thinking about your business’s IT environment. You’re probably focused more on the day-to-day operations of your business and serving your customers. But think of protecting your business’s IT environment as one way of serving your customers. By protecting your IT systems, you are helping ensure that your customers’ personal and financial data is safe. Here are some ways you can protect your business’s IT environment:
- Use End Point Protection monitoring to verify that all workstations are current on their virus definition files and OS patches.
- Make sure all servers are patched with the most current operating system security patches.
- Employ a vendor to complete penetration testing to find any open avenues to your network.
- Consider implementing Intrusion Detection Systems (IDS) or Security Information & Event Management (SIEM) applications. Many companies utilize IDS/SIEM to monitor their incoming and outgoing network traffic. If the expense is too great or you don’t have qualified personnel, then consider a vendor to provide the service. Many vendors provide these services at a very reasonable price.
- Review the Mitigation and Prevention Strategies of the Department of Homeland Security July 31, 2014, announcement of the Backoff malware.
The Cost of Protecting Your Customers
What cost is too much to protect my customers’ data? Only you can answer this question. UPS and the restaurant have chosen to pay for identity theft and credit monitoring services for customers who may have been affected from their data breaches (a data breach-related expense many companies don’t consider). But take that one step further. What cost is too much to protect my business’s reputation? In order for your company to survive in today’s digital world, it’s critical for your business to cultivate a culture of trust with your customers. Many businesses find that they’ll do what it takes to prevent security breaches. What will you do?
Want more IT tips? Check out other articles that provide best practices on how to secure your business’s IT environment.
Author: Joe Welker, CISA (New Philadelphia office)