What happened to Optus, Medibank and Harcourt in recent weeks could happen to any business. Cyber attacks are on the rise, because data has a value. Understanding the value of data is the key to investment in its security.
Our Tower Systems POS software company prepared and published advice to its 3,000+ customer community. I share this advice here as it could be useful to any retailer or business owner.
There are things you can do in your business to better protect it from attack. We put together this advice for our POS software customers and share it here with you. Here is our advice:
Security is important for any business and it is important that you protect your business as best you can while still allowing the business to operate efficiently. This is not just for the security of you business and customer data but to provide protection against malicious attacks such as ransomware.
Below we will list the things you can do to ensure your computers are as secure as possible. However, some of these restrictions may not be for suitable for all businesses. You will need to decide what is your best approach while being aware of the risks associated.
Windows Usernames and Passwords
The easiest form of security you can enable is having each computer require a username and password to access it. The passwords should be changed every couple of months. A drawback of having usernames and passwords is that you need to ensure that all staff are aware of the passwords so that access is not hampered.
Windows Active Directory via AzureAD or Similar
An option for an additional layer of security (over and above standard windows usernames and passwords) is to implement a domain network where staff logging in are authenticated by a Windows Active Directory service. This option has a not-insignificant cost associated with it. It also means that you will need to allocate staff individual accounts and they would need to use these to access your system. Implementation of this may also have setup ramifications for your POS software.
If you are not using Windows Remote Desktop (RDP) this it is highly recommended that you disable this service in Windows. If you are using this service then ensure you have a very strong password that is updated regularly. The preferred option for RDP is to use this via a VPN however if this is not possible access should be limited to specific IP addresses. Additionally, when this is used in conjunction with an active directory service, like the one mentioned above, this adds an additional layer of security.
Our recommendation is to use a cloud backup service that incrementally backs up your entire PC. Consider adding a cloud backup service to any computer that stores any valuable data, not just your server. It is imperative that the service you use has both a local and a cloud copy for easy disaster recovery.
While saved browser passwords are very helpful, it does open a risk should your PC be compromised. Our suggestion is to not save passwords, especially for accessing any service that stores sensitive data, like bank login etc. Consider using a password manager such as LastPass or 1password to help you remember passwords.
Once of the biggest security risks in your business is email. Only open attachments and click on links in emails that you are sure are from known senders. Check email addresses as well as the sender’s name. If it sounds suspicious, it probably is.
People Remote Connecting to your Computer/Network
Be careful about who you let take remote control of your computer, ensure they are from who they say they are. If you are suspicious, terminate the call and call the representative back on a publicly available number.
Don’t use out-of-date Software, Hardware or Operating Systems.
Keep your systems up to date by ensuring you are running versions of software, operating systems and hardware that are still supported by their manufacturers. Make sure that any updates to software, especially Windows security updates, are loaded as soon as possible. This will ensure that you are not susceptible to any vulnerabilities have been patched by the supplier.