Five network. security. threats. and how to fight them

Transcription

1 Five network security threats and how to fight them

2 What s the cost of poor network security? Digital networks are now the backbone of every retail and hospitality operation. Every second of every day in-store voice and data networks are used to deliver a staggering level of business-critical data from purchase transactions, stock data and merchandising to promotions, health and safety alerts and of course customers personal details. But with the British Retail Consortium estimating the annual cost of retail cybercrime at 100m, there is a great deal at stake. Aside from the financial cost, any network security breach will almost certainly cause significant damage to an organisation s reputation. While it may seem that customers have short memories about such events, research shows the true cost of data loss. Here we take a closer look at specific cyber security threats and ways you can better protect your business.

3 1Threat: Vulnerable Wi-Fi network Wi-Fi has become a key retail and hospitality tool in recent years. Many organisations use Wi-Fi to connect in store POS and staff devices, while others offer free Wi- Fi to increase customers on-site dwell time. Wi-Fi networks are also increasingly relied upon to give customer-facing colleagues access to core apps and systems. Unfortunately, Wi-Fi is also a very attractive target for cyber criminals.

4 Hackers tactics Without sufficient Wi-Fi security a hacker can access a network and monitor data traffic, disrupt transactions and even launch a denial of service (DDOS) attack, stopping a store from trading altogether. A hacker can also set up a fake Wi-Fi hotspot on-site, tricking both staff and customers into logging on so the hacker can harvest personal details including identities and passwords. How to secure your Wi-Fi network Go beyond simple passwords: Multi-factor authentication such as tokens and push notifications sent to mobile phones are significantly more secure than traditional password access to Wi-Fi networks. Divide and secure your network: Make it difficult for hackers to move around if they manage to breach your Wi-Fi system. For example, if they ve accessed data stores this should not automatically give them access to your POS system. Each part of your system should be secured in isolation. Use automatic monitoring: Deploy software that can automatically monitor your network, looking for suspicious activity or strange data flows. Once alerted you can stop a potential attack before damage is done. What Vodat can do for you Our Wireless Intrusion Prevention System (WIPS) can scan your LAN network s radio spectrum looking for rogue access points set up by hackers to enter your system. Our WIPS can also spot excessive personal Wi-Fi use by employees, which can trigger security issues. The PCI Security Standards Council recommends the use of WIPS to automate wireless network scanning. This layer of security is also useful for monitoring network performance, and discovering access points with configuration errors. At Vodat International we are currently working with highly specialist security partners who are able to continuously monitor device behaviour, and spot threats across a network in real time. Vodat offers the solutions to provide robust security that is scalable, flexible and can be fully managed with 24/7 service and technical support. Get in touch to find out how we can help you protect your business. Educate your staff: Staff awareness of security issues and processes is a vital part of any strategy. Undertake regular training to ensure all understand what is expected of them.

5 2Threat: Weak POS Security In 2013 the EPOS system of US retailer Target was hacked, exposing 70 million customer records to criminals. In the wake of the attack both the Target CEO and CIO lost their jobs. With around 60% of all EPOS transactions paid by an electronic card the consequences of a security breach are potentially spectacular.

6 Hackers tactics First, a criminal must contaminate your EPOS system with a specific type of malware. With retailers and hospitality firms operating from multiple locations and various employees and third-party IT professionals accessing EPOS systems, this is a lot easier than you would imagine. Hackers can also attempt to do this remotely by hacking one of your online servers. Once malware has been introduced to your EPOS system it can automatically begin to harvest your customers card data as it passes through your system. The hacker can either use this information themselves or sell it on. How to secure your EPOS system Use end-to-end encryption: Leading EPOS terminal suppliers provide software designed to ensure your customers data is never exposed to hackers. It encrypts credit card details as soon as it is received by the POS device and again when it is despatched to the software s server. This means your customers data is never vulnerable no matter where a hacker may install malware. Install antivirus software on your EOPS system: Installing endpoint protection software on your device will ensure malware doesn t breach your system. Antivirus software will scan your device, identify suspicious files or apps and alert you immediately so you can remove them. What Vodat can do for you We make PCI DSS compliance easier: Vodat International s payment solution deploys a managed firewall at each merchant site, segmenting the PIN entry devices (PEDs) from the rest of the merchant s network and reducing cardholder data from the POS environment. This technique reduces scope for PCI DSS compliance, as PEDs are controlled from Vodat s data centres. We can also study your network: For an annual subscription, we can carry out a comprehensive assessment of your system, searching for weaknesses and ensuring you have unlimited PCI compliance. Vodat offers the solutions to provide robust security that is scalable, flexible and can be fully managed with 24/7 service and technical support. Get in touch to find out how we can help you protect your business. Isolate your EPOS terminals: There are lots of ways terminals can find themselves in the wrong hands: they can be stolen, lost by employees or simply left unattended. Hackers can then break into the device and view and steal customers details, especially if endto-end encryption hasn t been used. To avoid this, account for every terminal at the end of the day and store them in a secure location.

7 3Threat: Poor network configuration In the rush to secure your retail network the temptation is to focus on the obvious network entry points around your system s perimeter, where sensitive data is exchanged. However, it is also essential to think about what will happen if you do experience a breach.

8 Hackers tactics No network can ever be 100% secure from cyber attack. However, a pragmatic retailer will install measures that severely limit the chances of and the impact of a breach. Hackers generally look to infiltrate a soft target first, for example a contractors system or in-store Wi-Fi, before moving on to areas with sensitive business data. A common tactic is to target a contractor with a phishing to steal their log on credentials and then use these to infiltrate a network, for example breaching their POS system. How to optimise your network configuration Segment your network: Group applications and databases together depending on how sensitive or business critical they are and then keep them together on specific virtual local area networks within your system. Once important functionality is isolated it s possible to monitor usage more easily and strictly limit traffic. Role-based access: Simply put, you should only grant access to specific parts of your network to colleagues who need it. To achieve this an administrator should either approve or deny access rights based on an employee s function. For example, only customer service reps should be given access to customer profile information. What Vodat can do for you Vodat s fully managed network solution ensures that your network benefits from the securest configuration available. Our solution covers all areas of network functionality, from your branch routers to head office connection. We cover everything, so there is no need for you to monitor or resolve network problems. You can view your network using our web-based system if desired. Our solution is unique because it provides unified management of mobile devices, Macs, PCs and the entire network from a centralised dashboard. This means we can enforce device security policies, deploy software and apps, and perform remote, live troubleshooting on thousands of managed devices. At Vodat, we are dedicated to researching relevant retail technology and will continue to offer you the most cost effective solutions. Vodat offers the solutions to provide robust security that is scalable, flexible and can be fully managed with 24/7 service and technical support. Get in touch to find out how we can help you protect your business. Apply granular controls: Once your network is segmented you can finely tune your settings so that your system is optimised further. For example, fine tuning a rule that states Only customer service reps may access customer profiles to only customer reps that handle sales or refunds may access customer profile information.

9 4Threat: Inadequate staff education Cyber criminals often target the weakest point of a network, and in many instances, this may be the end user the employee. No matter how strong your security or how robust your network configuration, retailers and hospitality organisations are at risk of scoring an own goal if they don t give adequate training to their staff.

10 Hackers tactics Business compromise attacks involve sending scam messages to company employees in an attempt to extract sensitive information. This could include a fake from a director to a HR colleague requesting employee log in credentials. A lost or stolen mobile device, such as a laptop or smart phone can present a hacker with a treasure trove of opportunities. Hackers can target specific individuals they know will have access to sensitive data or the attack can be purely opportunistic. Giving your staff cyber security education Phishing attacks: It is possible to train your staff to recognise a phishing or a spam attack so that they can alert your IT department to prevent other colleagues from being tricked. You can also buy phishing simulator training that tries to trick employees into handing over sensitive information. The colleagues who fall for the fake s can then be offered extra cyber security training. Create an acceptable-use policy: Staff should be given clear guidance on what websites they re allowed to visit, what kinds of files they re allowed to download, and what kinds of Wi-Fi networks are safe. What Vodat can do for you Thanks to our Mobile Device Management solution your employees do not have to worry about regular routine device updates. Our solution automatically updates your entire estate of mobile devices with the latest security patches with the minimum of fuss. In support of your employee cyber security education, we can set up alerts reminding your staff of your acceptable internet use policy and also remind them not to use insecure Wi-Fi networks before they attempt to log on to public networks. Vodat offers the solutions to provide robust security that is scalable, flexible and can be fully managed with 24/7 service and technical support. Get in touch to find out how we can help you protect your business. Cultivate an open-door reporting culture: Your employees should be encouraged to report anything suspicious to IT, even if it resulted from clicking on a website or downloading a file they shouldn t have. It is in everyone s interest to encourage a culture in which employees can talk about potential threats without the risk of punishment. Manage mobile devices effectively: Make sure your employees know when to update their mobile devices to ensure they have the latest security updates and patches. Ensure they also know the importance of the physical security of their devices. This includes ensuring they are not left unattended and when unattended they are properly stored to reduce the risk of theft. Provide Wi-Fi training: You should underline the importance of only using password protected Wi-Fi networks in public. When employees are on smart phones and tablets they should always use the device s mobile data plan rather than an unknown and unsecured Wi-Fi network.

11 5Threat: GDPR noncompliance The collection, storage and use of customers data has just become much more challenging, as a result of the EU s General Data Protection Regulation (GDPR), which aims to give individuals back ownership and control of their personal information. This means companies must gain explicit consent from their customers to their personal data across multiple channels. Companies also need to understand why they are holding data, where it s stored, who is in charge of it, how secure it is, and what it s used for.

12 What s at stake? Retailers and hospitality companies that breach GDPR regulation face graded penalties depending on the severity of the case. The maximum fine is 4% of their annual global turnover, or 20 million, whichever is the highest. Less serious violations, such as having improper records, or failing to notify of any cyber security incidents, can attract a maximum fine of 2% of annual global turnover, or 10 million. Ensure you are GDPR compliant Create a comprehensive data log: Companies need to create one clear and comprehensive log of all the data they hold, including details of where it is stored. This includes understanding the systems used to store and process data, and how these systems work together. Improve security and create a data breach plan: Under GDPR, you must notify affected customers within 72 hours of a data breach. You must also be able to explain what happened, why, the risks customers have been exposed to and the next steps. This makes an effective, well-rehearsed data breach plan essential. Review current processes used to obtain consent: GDPR requires all companies to gain unambiguous, active, and explicit consent for the use of customers personal data. You also need to explain in simple language what data you have collected and what you use it for. Retailers and hospitality companies cannot use the data for any other purpose than has been agreed with the customer. Create processes allowing customers to access and download their data: Under GDPR, customers have the right to access, export and transfer their personal data if they wish (also known as data accessibility and data portability). In practice, this means companies must create processes that enable customers to download their own data within 30 days of a request. What Vodat can do for you We have created an area of the Vodat website to help guide you towards GDPR compliance. Our security experts: Detail five milestones in GDPR compliance Answer 12 of the questions most frequently asked by retailers and hospitality organisations Explain some of the big opportunities offered by GDPR Provide GDPR case studies Share compelling reasons why Vodat should be your GDPR partner Vodat offers the solutions to provide robust security that is scalable, flexible and can be fully managed with 24/7 service and technical support. Get in touch to find out how we can help you protect your business. Review all third-party contracts: Companies are likely to work with vendors or other third-party partners who act as data processors. Under GDPR, companies are accountable for how data is processed and used, but in the case of a data breach or misuse, retailer or hospitality organisation and vendor share the liability. This means that companies can still be fully liable if their data processor partners suffer data breach or misuse. It is the retailer s responsibility to clearly set out how the vendor should use the data, so you need to set out clear and comprehensive guidelines on data use for any third party. You should also review all the contracts they hold with these partners to ensure there are no accountability ambiguities.

13 Powering Retail Networks Web: Telephone: