Posts Tagged ‘Small Business Fraud’

New Form of Malware Catching Retailers Off Guard

Monday, August 25th, 2014

Last week, UPS announced that 51 of its stores were infected by point-of-sale (POS) malware that has been affecting other retailers across the U.S. In total, UPS estimates that approximately 105,000 POS transactions were compromised in the data breach, leaving many customers’ financial and contact information exposed and increasing their risk of identity theft and fraud.

POS malware, known as Backoff, was identified last week as having targeted a New Orleans restaurant, a much smaller retailer than UPS. On July 31, several government agencies sent out an alert about Backoff. The alert explained the risks that Backoff posed to U.S. businesses, including smaller merchants, and that this new form of malware was found to infect POS systems via access to a remote-access portal.

And just a few days ago, the U.S. Secret Service announced that an estimated 1,000 businesses have been infected by Backoff. Now the Department of Homeland Security is encouraging all businesses – no matter the size – to scan their POS systems to check for a possible compromise.

While these recent incidents may not affect you or your business directly, the discovery of this new form of malware should cause you to stop and assess your business’s IT security situation. Do you have the right security protocols in place to protect your business – and your customers – from a potential data breach?

How To Protect Your Business From A Data Breach

Your mind may be far from thinking about your business’s IT environment. You’re probably focused more on the day-to-day operations of your business and serving your customers. But think of protecting your business’s IT environment as one way of serving your customers. By protecting your IT systems, you are helping ensure that your customers’ personal and financial data is safe. Here are some ways you can protect your business’s IT environment:

  • Use End Point Protection monitoring to verify that all workstations are current on their virus definition files and OS patches.
  • Make sure all servers are patched with the most current operating system security patches.
  • Employ a vendor to complete penetration testing to find any open avenues to your network.
  • Consider implementing Intrusion Detection Systems (IDS) or Security Information & Event Management (SIEM) applications. Many companies utilize IDS/SIEM to monitor their incoming and outgoing network traffic. If the expense is too great or you don’t have qualified personnel, then consider a vendor to provide the service. Many vendors provide these services at a very reasonable price.
  • Review the mitigation and prevention strategies in the Department of Homeland Security’s July 31, 2014, announcement of the Backoff malware.

The Cost of Protecting Your Customers

What cost is too much to protect my customers’ data? Only you can answer this question. UPS and the restaurant have chosen to pay for identity theft and credit monitoring services for customers who may have been affected by their data breaches (a data breach-related expense many companies don’t consider). But take that one step further. What cost is too much to protect my business’s reputation? In order for your company to survive in today’s digital world, it’s critical for your business to cultivate a culture of trust with your customers. Many businesses find that they’ll do what it takes to prevent security breaches. What will you do?

Want more IT tips? Check out other articles that provide best practices on how to secure your business’s IT environment.

Author: Joe Welker, CISA (New Philadelphia office)

 


What Are The Top 10 Signs Your Business’s Internal Controls Aren’t Strong?

Friday, November 8th, 2013

Internal controls are procedures that companies develop to safeguard their assets and to produce accurate, reliable financial statements. When a company doesn’t have strong internal control procedures, fraud can occur much more easily. Other issues that can arise include inaccurate financial statements, the inability to find certain documents such as invoices or purchase orders, or a higher than usual number of customer complaints.


Does Your Company Have Solid Internal Controls?

Thursday, October 24th, 2013

Let’s admit it… we all want to be able to trust other people. And we generally do…until we’re proven wrong. Owners of small, family-owned businesses are no different, and must put their trust in someone to handle their revenue, disbursements, payroll and inventory, among other financial functions.
