Category Archives: Point-of-Sale (POS) Systems

5 More Retail Cybersecurity Practices to Keep Your Data Safe Beyond the Holidays

This is the second article in a two-part series about retail cybersecurity during the holidays. Read part one for the full list of recommendations.

The holiday shopping season offers myriad opportunities for threat actors to exploit human nature and piggyback on the rush to buy and sell products in massive quantities online. Our previous post covered some network security basics for retailers. Let’s take a closer look at how retailers can properly configure and monitor their networks to help mitigate cyberattacks and provide customers with a safe shopping experience during the holiday season.

1. Take a Baseline Measurement of Your Network Traffic

Baselining is the process of measuring normal amounts of traffic over a period of days or even weeks to discern any suspicious traffic peaks or patterns that could reveal an evolving attack.

Network traffic measurements should be taken during regular business hours as well as after hours to cover the organization’s varying activity phases. As long as the initial baseline is taken during a period when traffic is normal, the data can be considered reliable. An intrusion detection system (IDS) or intrusion prevention system (IPS) can then assist with detecting abnormal traffic volumes — for example, when an intruder is exfiltrating large amounts of data when offices are closed.

Below are some factors to consider when performing a baseline measurement that could be helpful in detecting anomalies:

  • Baseline traffic on a regular basis.
  • Look for atypical traffic during both regular and irregular times (e.g., after hours).
  • Set alarms on an IDS/IPS for high and low thresholds to automate this process. Writing signatures specific to your company’s needs is a key element to an IDS/IPS working effectively and should be carried out by trained security specialists to avoid false alarms.
  • Investigate any discrepancies upon initial discovery and adjust thresholds accordingly.
  • Consider using an endpoint detection and response (EDR) solution to help security teams better identify threats, and to allow operations teams to remediate endpoints quickly and at scale.

Listen to the podcast: Examining the State of Retail Security

2. Run a Penetration Test Before It’s Too Late

A key preventative measure for retailers with a more mature security posture is running a penetration test. Simply put, the organization’s security team can allow a white hat hacker, or penetration tester, to manually try to compromise assets using the same tactics, techniques and procedures (TTPs) as criminal attackers. This is done to ascertain whether protections applied by the organization are indeed working as planned and to find any unknown vulnerabilities that could enable a criminal to compromise a high-value asset.

Manual testing should be performed in addition to automated scanning. Whereas automated tools can find known vulnerabilities, manual testing finds the unknown vulnerabilities that tools alone cannot find. Manual testing also targets the systems, pieces of information and vulnerabilities most appealing to an attacker, and specifically focuses on attempting to exploit not just technical vulnerabilities within a system, but business logic errors and other functionality that, when used improperly, can grant unintended access and/or expose sensitive data.

The key to a penetration test is to begin by assessing vulnerabilities and addressing as many of them as possible prior to the test. Then, after controls are in place, decide on the type of test to carry out. Will it be a black box test, where the testers receive no information about the target’s code and schematics? Or will it be a white box test, where organizations fully disclose information about the target to give the tester full knowledge of how the system or application is intended to work? Will it be in a very specific scope and only include customer-facing applications?

It can be helpful to scope a penetration test by taking the following three steps prior to launching the testing period:

  1. Establish goals for the testing. Since penetration testing is intended to simulate a real-world attack, consider scenarios that are relevant to your organization. Giving thought to what type of data is at risk or what type of attacker you’re trying to simulate will allow the testers to more closely approximate threats relevant to your organization.
  2. Draft a thorough contract to state the expectations and scope of the project. For example, if there are specific areas a penetration tester should not access based on criticality or sensitivity, such as production servers or credit card data, outline these points in the contract. Also, define whether the penetration testers should attempt to compromise both physical access and remote access to compromise networks, or if just one is preferred. Consider if you wish to have social engineering included within the test as well.
  3. Have the vendor and its employees sign nondisclosure agreements (NDAs) to keep their findings confidential and ensure their exclusive use by the organization.

Penetration testers from reputable companies are thoroughly vetted before being allowed to conduct these tests. The retail industry can benefit from this type of testing because it mimics the actions of a threat actor and can reveal specific weaknesses about an organization. It can even uncover deficiencies in staff training and operational procedures if social engineering is included within the scope of the testing.

3. Check Your Log Files for Anomalies

Log data collected by different systems throughout an organization is critical in investigating and responding to attacks. Bad actors know this and, if they manage to breach an organization and gain elevated privileges, will work to cover up their tracks by tampering with logs.

According to IBM X-Force Incident Response and Intelligence Services (IRIS) research, one of the most common tactics malicious actors employ is post-intrusion log manipulation. In looking to keep their actions concealed, attackers will attempt to manipulate or delete entries, or inject fake entries, from log files. Compromising the integrity of security logs can delay defenders’ efforts to find out about malicious activity. Additional controls and log monitoring can help security teams avoid this situation.

Below are some helpful tips and examples of security logs that must be checked to determine whether anything is out of the ordinary.

  • Are your logs being tampered with? Look for altered timestamps, missing entries, additional or duplicate entries, and anomalous login attempts.
  • Transfer old log files to a restricted zone on your network. This can help preserve the data and create space for logs being generated overnight.
  • Use a security information and event management (SIEM) tool to assist with analyzing logs and identifying anomalies reported by your organization’s security controls.
  • To include as many sources of information as possible, plug in endpoint, server, network, transaction and security logs for analysis by a SIEM system. Look for red flags such as multiple failed logins, denied access to sensitive areas, ping sweeps, etc.

Knowing which logs to investigate is also critical to successful log analysis. For example, point-of-sale (POS) systems are often installed on Microsoft Windows or Linux systems. It is therefore critical to review operating system logs for these particular endpoints. When it comes to POS networks, where many of the devices are decentralized, daily usage, security and application logs are good places to look for anomalies.

For network security, use logs from network appliances to determine failed or excessive login attempts, increases or decreases in traffic flow, and unauthorized access by users with inadequate privilege levels.

4. Balance Your Network and Website Traffic

According to the National Retail Federation, online sales from November and December 2017 generated more than $138.4 billion, topping 2016 sales by 11.5 percent. This year is likely going to set its own record. With internet traffic volumes expected to be at their highest, online retailers that are unprepared could see the loss of sales and damaged reputation in the aftermath of the holiday season.

But preparing for extra shoppers is the least of retailers’ worries; attackers may take advantage of the festive time of year to extort money by launching distributed denial-of-service (DDoS) attacks against retail websites. These attacks work by flooding a website or network with more traffic than it can handle, causing it to cease accepting requests and stop responding.

To stay ahead of such attacks, online retailers can opt to use designated controls such as load balancers. Load balancers are an integral part of preventing DDoS attacks, which can affect POS systems storewide. With a well-coordinated DDoS attack, a malicious actor could shut down large parts of their target’s networks.

One best practice is to prepare before traffic peaks. Below are some additional tips for a more balanced holiday season.

  • Preventing a DDoS attack can be an imposing undertaking, but with a load balancing device, most of this work can be automated.
  • Load balancers can be either hardware devices or virtual balancers that work to distribute traffic as efficiently as possible and route it to the server or node that can best serve the customer at that given moment. In cases of high traffic, it may take several load balancers to do the work, so evaluate and balance accordingly.
  • Load balancers can be programmed to direct traffic to servers dedicated to customer-facing traffic. Using them can also enable you to move traffic to the proper location instead of inadvertently allowing access to forbidden areas.

Load balancers are typically employed by larger companies with a prominent web footprint. However, smaller companies should still consider employing them because they serve a multitude of purposes. Keeping the load on your servers balanced can help network and website activity run smoothly year-round and prevent DDoS attacks from doing serious damage to your organization’s operations or web presence.

5. Plan and Practice Your Incident Response Strategy

An incident response (IR) plan is essential to identifying and recovering from a security incident. Security incidents should be investigated until they have been classified as true or false positives. The more timely and coordinated an organization’s response is to an incident, the faster it can limit and manage the impact. A solid IR plan can help contain an incident rapidly and result in better protection of customer data, reduction of breach costs and preservation of the organization’s reputation.

If your enterprise does not have an IR plan, now is the time to create one. In the event that your enterprise already has a plan, take the time to get key stakeholders together to review it and ensure it is up-to-date. Most importantly, test and drill the plan and document its effectiveness so you’re prepared for the attack scenarios most relevant to your organization.

When evaluating an IR plan, consider the following tips to help accelerate your organization’s response time:

  • Threat actors who compromise retail cybersecurity will typically turn stolen data around quickly for a profit on the dark web. Use dark web search tools to look for customer data that may have been compromised. Sometimes, data can be identified by the vendor that lost it, leading to the detection of an ongoing attack.
  • Before an attack occurs, establish a dedicated IR team with members from different departments in the organization.
  • Make sure each team member knows his or her precise role in the case of an incident.
  • Keep escalation charts and runbooks readily available to responders, and make sure copies are available offline and duplicated in different physical locations.
  • Test your IR strategy under pressure in an immersive cyberattack simulation to find out where the team is strong and what may still need some fine-tuning.

Make Retail Cybersecurity a Year-Round Priority

Increased vigilance is important for retailers during the holiday season, but these network security basics and practices can, and should, be maintained throughout the year. Remember, attackers don’t just wait until the holiday season to strike. With year-round preparation, security teams can mitigate the majority of threats that come their way.

Read the latest IBM X-Force Research

The post 5 More Retail Cybersecurity Practices to Keep Your Data Safe Beyond the Holidays appeared first on Security Intelligence.

Brand New Bag? TrickBot Malware Adds POS Data Collection Module

Security researchers observed TrickBot malware that utilizes a new capability: point-of-sale (POS) data collection.

Close on the heels of TrickBot’s recent pwgrab32 password-grabbing module, the new variant scans for indications that infected devices are connected to POS-capable services and machines, according to Trend Micro. It’s worth noting that while the malware collects data about the type and distribution of POS systems, at the time of the Trend Micro report TrickBot wasn’t yet grabbing credit card or banking information.

The new module, psfin32, is specifically designed to find POS services and technologies across infected domains. Using Lightweight Directory Access Protocol (LDAP) queries to leverage Active Directory (AD), the module looks for POS machines in the global catalog with a variety of substrings, including “POS,” “CASH,” “LANE” and “RETAIL.”

If it comes up empty, the malware searches for “AccountName” strings used by legacy Windows versions such as NT 4.0 and Windows 95. Once it has POS data in hand, the Trojan creates a preconfigured log file and sends it to command and control (C&C) servers using POST connections.

A Precursor to Holiday POS Attacks?

As noted by Trend Micro, TrickBot stopping short of full data collection could indicate that threat actors are conducting reconnaissance in preparation of a large-scale attack, which fits the TrickBot malware pattern of rapid code development and distribution followed by iterative attacks. This is particularly concerning for retail enterprises considering the proximity of this POS problem to the holidays. Given the annual value of holiday transactions, psfin32’s search-and-find efforts may be a precursor to more damaging POS attacks over the next few months.

TrickBot’s development speed is also worrisome for companies looking to stay ahead of security threats. Its password-grabbing module was only detected at the beginning of November, and within three weeks the new POS variant emerged.

How to Limit the Impact of TrickBot Malware

How can companies stay safe from TrickBot and prevent its POS attacks? IBM X-Force researchers recommend conducting a quick evaluation of basic security hygiene: Are applications and operating systems fully patched? Are antivirus tools up to date? Are monitoring tools capable of detecting networkwide indicators of compromise (IoCs) in place and active?

Security experts also point to the need for a critical shift in endpoint thinking: Rather than acting as the last bastion of security, endpoints should be treated as the first line of defense. By leveraging strong security tools that both monitor existing endpoints and detect new connected devices, security teams can limit the impact of TrickBot’s POS pilfering malware.

Source: Trend Micro

The post Brand New Bag? TrickBot Malware Adds POS Data Collection Module appeared first on Security Intelligence.

5 Recommendations to Improve Retail Cybersecurity This Holiday Season

This is the first installment in a two-part series about how retailers can help protect their enterprises this holiday season.

With the holiday season upon us, retailers have an opportunity to boost revenues before the end of the year. Any increase in profit at the expense of retail cybersecurity, however, can cost a company more in the long run, given the rising size and costs of data breaches and associated revenue and reputational loss. With extra web traffic and high order volumes coming in, the holiday shopping season can be a particularly perilous time for businesses seeking to safeguard customer information.

A Timely Cause for Retail Cybersecurity Concerns

Tis the season for retailers to buckle down on security, since data breaches typically peak just prior to and during the holiday shopping season. IBM X-Force Incident Response and Intelligence Services (IRIS)’s assessment of X-Force Interactive Security Incident data recorded between 2012 and 2017 revealed that 41 percent of all retail and consumer product breaches occurred between September and December, elevating the risk for enterprise network breaches during that time of year. More than two-thirds of all records in the consumer products sector were leaked, lost or stolen during these last four months of the year — that’s nearly 180 million records each year.

Don’t Reward the Naughty

A growing number of retailers now offer rewards programs to retain and nurture their customer bases. For shoppers to join these programs, most retailers ask for personally identifiable information (PII) such as name, address, phone number and email address. If ever compromised, an attacker can correlate this customer PII to payment data and use it to aggregate information to compromise the user’s identity.

In line with recent regulatory laws such as the General Data Protection Regulation (GDPR), retailers should collect the least possible amount of PII on customers, have a clear purpose for each data element, and make sure to always keep data encrypted and safeguarded, both in transit and at rest.

Phishing Is in Season

Attackers don’t wait for the holiday season to begin launching spam campaigns, which are often employed as the first stage of their overall fraud and attack campaigns. Analysis of X-Force spam honeypot data collected between 2015 and 2018 revealed a notable rise in the average volume of spam emails beginning in August, with September slightly lower and October ranking third.

Average Spam per Month

Figure 1: Total volume of spam emails recorded, 2015–2018 (Source: IBM X-Force)

Preventing and responding to data breaches leading up to and during the holiday shopping season has become imperative. It is incumbent on retail security professionals to perform due diligence during this time, and there are several ways to accomplish this goal.

Below are five holiday season tips for retailers to help make your enterprise a safer shopping environment. These techniques can help retailers identify impending data breaches and sidestep the costs associated with a major data breach.

While I’ve listed these tips in the order of what I generally consider to be top-of-mind for retailers, this list can be customized to serve your organization’s specific needs.

1. Mitigate the POS Malware Threat

After a popular big box retailer suffered a breach in 2013, public awareness around the vulnerability of point-of-sale (POS) systems grew exponentially. That breach was facilitated by malware that infected POS machines and helped threat actors access a large volume of credit card information to sell to other criminals on the dark web. This intrusion resulted in the theft of more than 110 million records.

Five years later, POS malware continues to plague retailers. According to IBM X-Force, 74 percent of publicly reported POS malware breaches in 2017 impacted the retail sector. X-Force IRIS has observed malicious actors using POS malware, such as FrameworkPOS and PoSeidon, to siphon credit card data from POS terminals. Web-based malware, which steals credit card data on the fly as online transactions are processed, is also gaining steam.

To help mitigate these risks, both in physical and virtual realms, retailers should take the following steps:

  • Use some form of malware detection on your entire network to include the network of POS systems.
  • Test the devices’ hardware and software (more to come on penetration testing in the second installment of this series) and keep devices up-to-date through regular patching.
  • Work with a supplier that will contractually adhere to both your regulatory standards and security requirements.
  • When using mobile POS, have controls in place to ensure the integrity of the hand-held device and the encryption of its communication channels with the server that processes and stores card data.
  • Ensure any mobile payment system is from a trusted provider that supplies regular updates, patches, and equipment upgrades to comply with advances in encryption requirements and evolving threats.

Cybercriminals also commonly steal credit card data through payment card skimmers. These physical devices are fitted into the mouth of card readers and work by copying track data from the credit card and storing it on a memory chip inside the skimming device. In addition to retail establishments, skimmers are often found in ATMs, restaurants and gas stations.

As a precaution, retailers should frequently search for devices on their POS terminals and swiping equipment. Attackers typically attach skimmers to the device by sliding them onto the scanners and collecting them later. To check for a skimmer, examine devices daily and pull on the scanner if anything appears different. If part of the device comes off, it may be a skimming device. Call your service provider and IT security team to report it before resuming activity with that terminal or device.

With security controls and practices becoming more efficient, threat actors have resorted to gluing card skimmers to machines. This makes it difficult to detach by simply pulling it off the affected device. Retailers should train employees in all locations to recognize the proper look and components of their POS terminals and swiping devices. Employees should also know how to report suspicious devices.

2. A Clean Network Is a Safe Network

Payment card data carries immediate monetary value to criminals, and there are many methods by which they aim to steal it.

One tactic IBM X-Force researchers have seen increasingly often is the injection of malicious code into legitimate e-commerce websites. By compromising websites where people shop online, attackers can send payment data submitted during customer checkout to their own infrastructure.

To help reduce the likelihood of becoming a feeding ground for criminals, online retailers should take the following steps:

  • Harden the security of underlying web servers.
  • Limit access to critical assets and properly manage the privileges of those that maintain them.
  • Ensure that web applications are secure, harden them against threats like SQL injections and other common attacks, and have them tested regularly.
  • Deploy a change monitoring and detection solution to spot unauthorized modifications to your e-commerce platform’s web hosting directories. If this is not feasible, schedule periodic, manual reviews of these assets.

Account takeover (ATO), which occurs when a threat actor gains unauthorized access to an online account that belongs to someone else, can also affect e-commerce customers. With access to shoppers’ accounts, fraudsters can wreak havoc by stealing stored payment data, making fraudulent purchases and rerouting existing orders to a different address, for example.

Unauthorized access requires the use of legitimate credentials, which criminals can attain through a variety of tactics. The most common methods include phishing, brute-forcing weak passwords and launching SQL injection attacks on the web application itself.

You can help mitigate these threats by practicing good network hygiene. Here are some useful tips retailers can apply today to lower the risk of user account compromises:

  • Employ the most recent patches for all hardware, internal and external software, network communication protocols, and database security protocols.
  • Sanitize user input to prevent injection attacks.
  • Prioritize patching for the threats most relevant to your organization. Look out for the most-exploited vulnerabilities and ensure that internet-facing servers and systems are up to date.
  • Always consult your local computer emergency response team (CERT), IBM X-Force Exchange and other threat intelligence sources to gather the latest news on vulnerabilities and mitigation techniques.
  • Enforce multifactor authentication (MFA) for employees.

3. Go to Your Separate Corners

Cybercriminals are always leveraging new ways to steal payment card data and correlate it with PII. Elevated volumes of web traffic during the holiday season provide attackers with even more targets and opportunities.

To help keep customer data safe, even in cases where criminals manage to infiltrate assets, security teams should keep PII, financial data and POS information separate by segmenting enterprise networks. By keeping this information separated and encrypted, attackers will find it much harder to correlate data on customers. While segmenting a network can be an intensive process, it’s a small price to pay to keep customer data safe.

In network segmentation, allow only one IP address per segment to communicate at a time to detect suspicious traffic. While an attacker may spoof his or her IP address, this control can allow defenders to find out about most intruders rather easily. Here are some other best practices to consider:

  • Conduct internal audits for segment crossover to ensure that segregated data sets do not get mixed over time and appear in other places on the network, which can help attackers with identity theft.
  • Deploy web application firewalls (WAFs) to help ensure that incoming traffic is filtered, monitored and blocked to and from web applications to mitigate threats such as cross-site scripting (XSS) and SQL injection.
  • As a secondary measure, a firewall should be implemented to effectively govern all traffic coming in and out of the network. Firewall configuration is a key element in its effectiveness and should be performed by a certified network technician.
  • Have administrative users log in with a lower privilege level before escalating their privileges to perform updates and maintenance.
  • Prevent sensitive users and systems from communicating with the internet.

4. Learn From History and Educate Users

Nearly every company has some kind of data protection training in place. To make employee training programs more effective, organizations must understand that training materials are sometimes clicked through at a rapid pace to complete them as quickly as possible in favor of getting back to work. So how can an organization effectively educate their users?

  • Plan for role-based training of all employees in the organization.
  • Train employees on both physical and digital security.
  • Conduct short training sessions and field-test them by asking for employee feedback.
  • Launch an internal phishing campaign: Send a spoofed email from a dummy account with official-sounding names, titles and subjects, and track the number of users who click on the links or attachments. Offer additional training according to the conclusions from the campaign.
  • Identify users who need remedial training and retest as needed.
  • Most importantly, provide all users with an easily accessible resource to report issues. Users should be able to contact IT security with any question or suspicion.

For education to be effective, it has to be repetitive and stay top-of-mind for users across the entire organization. Get management to support awareness campaigns and find opportunities to educate users. Having vigilant employees makes mitigating attacks during the holiday season that much more effective. Frequent email reminders, illustrative posters and communicating best practices during team meetings can demonstrate your organization’s commitment to secure day-to-day conduct. Giving users personalized attention can go a long way toward making the message resonate with them — for example, you might consider gifting a security-themed mug for the holiday season.

5. Use Network IP Whitelists and Blacklists

Whitelists are IP addresses or domains used specifically for allowing access, whereas blacklists are used to help prevent IP addresses or domains from entering a network. Whitelists and blacklists are useful for keeping unauthorized and authorized connections within or outside the network. Keeping these lists up-to-date demands some diligence, but they can be crucial to boosting network security.

Filtering IPs according to these lists is more suitable for enterprises that do not manage e-commerce activity, since e-commerce companies have to accept inbound requests from all over the world, especially during the holiday shopping season.

These lists are much easier to maintain for networks that do not face external customers because blacklists can be used on both inbound and outbound access to help block known malicious hosts from communicating or accessing the organization’s data and assets. Below are some basic tips for filtering hosts:

  • Blacklist any IP addresses known to be malicious. Constantly updated lists can be fed into security solutions directly from threat intelligence platforms.
  • Should a blacklisted IP address have legitimate reasons for communicating with the network, investigate, confirm and allow access via the whitelist.
  • Whitelists should include any internal company addresses.
  • Whitelists should exclude any websites that are not relevant for employees carrying out their daily tasks (e.g., social media, webmail, etc.).
  • It is imperative to verify these lists periodically to help ensure that all information is accurate.
  • Should any IP addresses on the whitelist become outdated, it should be promptly removed or moved to the blacklist.
  • Keeping allowed and banned IP addresses from becoming intermingled is a basic premise of effective whitelist/blacklist practices.

Stay Tuned for More Holiday Season Tips for Retailers

There is no such thing as unimportant data. Take every necessary precaution to help protect enterprise and customer data by implementing strong retail cybersecurity controls, educating users and following current best practices. Maintaining customer confidence in your ability to protect their PII can result in more business, increased customer loyalty and stronger organizational reputation.

Stay tuned for five more tips to help retailers stay secure this holiday season.

Read the latest IBM X-Force Research

The post 5 Recommendations to Improve Retail Cybersecurity This Holiday Season appeared first on Security Intelligence.

Retail Security Hygiene: The Case for Seasonal Checkups

The winter holidays offer big potential for retailers, with some companies earning around 30 percent of their annual revenue during the season, according to the National Retail Federation. Big sales numbers, however, also drive increased risks of fraud and theft, and businesses are now spending on extra security measures to keep physical stores safe.

But this is only half the battle. With retail stores moving online and hiring seasonal staff to bridge the holiday gap — not to mention handling employees who are more focused on holiday breaks than network breaches — it’s worth taking stock of retail security hygiene and revisiting how to protect consumer data from opportunistic cybercriminals.

Here’s how a seasonal hygiene checkup can help mitigate three top retail risks.

Fight E-Commerce Fraud During the Holiday Season

Online fraud jumps during the holiday season. As reported by PYMNTS, while total transactions rose 19 percent, online fraud increased by 22 percent from Thanksgiving to the end of 2017. There’s no single point of fraud failure across retail e-commerce stores, but threat actors continue to prioritize phishing emails as the primary point of compromise. If attackers can convince customers or employees to open attachments or follow malicious links, both purchase fraud and network infection are possible.

So how can companies assess their current security hygiene around e-commerce? It starts with simple questions: What do common attacks look like? What are the likely threat vectors? What are the potential costs? If retail organizations aren’t sure of the answers, they’ve got work to do. As U.S. Attorney Erin Nealy Cox wrote in Forbes, companies should create common threat profiles that allow IT teams to focus on vulnerable areas and develop specific countermeasures.

Simple processes — such as locking accounts after multiple failed login attempts and putting a limit on multiple purchases made over short timespans — can help, but it’s also a good idea to leverage automated, real-time fraud detection solutions to help identify attack patterns and reduce total risk.

Seasonal Staffing Concerns

To handle seasonal crowds without compromising customer service, many organizations hire extra staff during the holidays. According to Retail Dive, experts predict that retailers will bring on 650,000 seasonal employees to help offset consumer demand this year. To do their jobs, seasonal workers need access to point-of-sale (POS) networks, checkout systems and any mobile applications used by the company. This is the next hygiene shortfall for many companies: Hiring new employees without effective security onboarding and offboarding.

Consider a staff member who receives access to POS systems that are connected to back-end corporate networks. Inadequate training has them leaving sessions open and sharing passwords with co-workers, while minimal offboarding means they may retain login details and/or remain on internal permissions lists. As noted by Channel Partners Online, better security in this case starts with segmentation: POS and other sales systems should always be logically separated from other network services to prevent unintentional — or malicious — compromise.

Identity and access management (IAM) tools are also critical. IT teams need a way to control access for all retail workers — even those employed for only a few months — at a granular level to help protect consumer financial data and corporate intellectual property (IP). By assigning seasonal workers access roles with privileges that allow the completion of day-to-day tasks but don’t permit extraneous activity, retailers can boost both in-store and online security. Additionally, IAM solutions make it easy for network administrators to remove seasonal accounts and privileges when the holidays are over.

How to Protect Consumer Data From Insider Threats

No seasonal security checkup is complete without taking stock of internal employee risks. While Security Magazine noted that 75 percent of these insider threats are accidental, they’re no less risky to retail bottom lines, especially if users accidentally give threat actors complete access to network resources.

Improving security starts with a look at employee time off. Are workers putting in extra hours, pulling double shifts or working straight through the holidays? As noted by Harvard Business Review, 94 percent of employees who take time off for vacation come back to work with more energy and a better outlook. This may not be possible for retail companies during the holiday season, in turn lowering productivity and putting organizations at risk. It’s also worth assessing the number of employees working from home. As the holidays approach and weather gets worse, more and more employees may opt for home offices instead of slippery commutes. But are they logging into network services safely?

The first step for better internal security is to implement two-factor authentication (2FA). This practice helps reduce the chance of accidental logins and limits the ability of threat actors to compromise networks if less-than-productive employees have clicked on infected links or opened malware-laden attachments. It’s also a good idea to invest in virtual private networks (VPNs) and other network safeguards to help prevent bad actors from eavesdropping on remote workers. Email management solutions, meanwhile, can prevent messages with sensitive attachments from leaving secure corporate environments.

Give the Gift of a Security Hygiene Checkup

With the winter holiday season already upon us, retail companies would be wise to conduct a quick, but thorough security hygiene checkup. Start as early as possible to make it easier to identify key threats across e-commerce systems, seasonal staffing policies and employee behaviors. Then, develop a formal process to address these issues and improve security outcomes. This prevents security best practices from sitting on a shelf while retail risks rack up, and provides a blueprint for technology deployment and implementation.

Listen to the podcast: Examining the State of Retail Security

The post Retail Security Hygiene: The Case for Seasonal Checkups appeared first on Security Intelligence.