Retailers are a huge cybercriminal target. That’s because there is so much valuable data held in retailers’ IT coffers.
For larger retailers, there are myriad systems to protect, which could add up to hundreds, sometimes thousands, of locations with all the related end point devices. These include PCs and laptops, kiosks, Point of Sale (POS) and electronic POS (ePOS) systems, tablets, and even smart phones.
Here are some challenges and solutions for retail IT.
Retail has particular and critical security needs. A retailer’s very existence depends on keeping customer data safe. Credit card data springs to mind first. And that is crucial. An even bigger issue is the personal information that surrounds the card number; information rich enough to sow the seeds for identity theft – a fraud much more difficult to escape from.
Solution: Retailers must have a defense-in-depth strategy where all aspects of the network devices and applications are protected. Just as important is training workers on proper security procedures such as maintaining strong passwords, avoiding malware, and spotting and shutting down social engineering attacks.
If you are a retailer who deals with credit cards, you have to abide by Payment Card Industry Data Security Standard (PCI-DSS) rules. Recently the regulations were tightened and now require retailers involved in electronic transactions to take stronger authentication measures.
PCI has a number of key requirements, such as having firewalls installed and maintained, never using default passwords, and encrypting cardholder data whenever it is transmitted electronically.
There are penalties for PCI non-compliance as well as for successful breaches. There are fines that range from (USD) $5,000 to (USD) $500,000 for non-compliance. And your banks and credit card institutions can levy these fines against you.
Protecting POS and ePOS
POS systems have undergone dramatic improvements in recent years. There are now state-of-the-art ePOS systems that are tied deeply into retail backend systems to check and update inventory in real time, can access the retailer’s web site to check internet prices, and often tie into promotional email systems.
Because ePOS systems are essentially specialized PCs, basically anything that can run on a PC can potentially run on an ePOS device.
The PC element is an operational blessing and a security curse. PCs still offer the widest attack vector for malware and breaches – and represent a major conduit for retail IT attacks.
Solution: These remote devices need to be closely watched, secured and kept in repair through endpoint management processes and solutions. Through such a solution, ePOS devices are kept patched and updated and monitored in real-time to detect and immediately fix any issues.
Unmanaged Devices are Ripe for the Picking
POS and ePOS devices are one of the most popular targets for remote attacks, according to data breach research. Verizon found some 534 incidents of POS attacks in the last year, and in the vast majority of these cases, 525 in fact, there was confirmed data exposure.
The common thread in most successful attacks remains malware. And what are the attackers largely after? Credit card data and related personal information. As I mentioned at the top of the blog, that is why the retail vertical is one of the leading areas of attack across all industries.
Solution: Retail IT pros would be advised to defend against old and new attacks alike. Top of the security list is making sure your antivirus/anti-malware systems are always fully up to date and routinely monitoring all devices.
Get Authentication That Works
In earlier PCI days, two-factor authentication (TFA) was required for those dealing directly with cardholder data. In the newest rules, TFA is required for all those with network access that could put them in contact with payment data.
That means a far greater number of people now need TFA.
Solution: Verizon advises all retailers to implement strong authentication. “Static single authentication is a weakness that is used in spades by the attackers. If possible, improve this with a second factor such as a hardware token or mobile app, and monitor login activity with an eye out for unusual patterns,” Verizon advised.
Know What’s Happening through Endpoint Management That Works Remotely and Automatically
POS systems are usually widely distributed, except in the rare case of a retailer with a single location. In addition, there are more computers than just POS devices. And these devices need to be protected, managed and fixed as well.
In fact, the majority of retail IT organizations are saddled with conducting on-site visits to maintain, update and fix devices. Precious time is lost commuting back and forth to the devices at these remote locations.
This is a dangerous and untenable situation. Devices in the field should not be left unprotected or broken – which can force a cashier station to shut down, or even worse a kiosk in a remote location left inoperable until a technician shows up. But it is not efficient, or likely even possible, for the IT staff to handle all this work in a timely manner. Nor should they try. It is better to implement tools to make this work easy to handle without visiting each device and machine in need.
Solution: These solutions can also implement fine-tuned control. For instance, IT pros can establish performance thresholds. When these are exceeded, admins will get an alert so they can take action. This way issues can be fixed before they become problems – and before end users notice a thing.
In fact, security patches and software updates can be tested centrally, then pushed out to all machines or select groups once they are proven safe.
Unravel Network and System Complexity
Retail networks, unless you have a single location, are complex, with many scattered and diverse end points, as well as wide-area and wireless network issues. Because these systems are so complex – now with many solutions being run on various hybrid environments combining public and private clouds – there are more points of failure; so, it is harder to find reasons for a failure and it takes longer to fix the problem.
Retailers must keep IT operations running all the time. Downtime means lost revenue and, even more so, loss of trust.
So IT must understand what is happening with the systems under their charge. Monitoring is key to providing this understanding. Part of this involves log-ins – you must be able to track all of these to make sure none are inappropriate or come from
Solution: You must monitor your network, the LAN, wireless, and whatever WAN connections you have out to the cloud or private links to other corporate locations. This monitoring tool should spot any performance issues or trouble spots that exist and enable IT to quickly identify the root cause of the issue so that the systems can be restored to full speed quickly.
Kaseya Solutions – An Essential Retail IT Toolkit
Kaseya has a number of solutions that make retail IT pros’ lives easier. There are three in particular we’d like to highlight.
Kaseya VSA is an IT system and endpoint management solution for IT. In the case of retail, VSA can increase device uptime, performance and security — including kiosks, ePOS, tablets, servers and PCs of all forms.
VSA supports remote management of your devices, which is done through a single console.
With Kaseya VSA, retail IT pros can:
- Discover, audit, inventory and monitor clients, servers and the network. This way, the IT staff has full visibility into their network and all attached devices (including ePOS devices), as well as real-time status on all operating details for these devices.
- Perform patch management. Many POS devices are based on PCs and the easiest PCs to attack are those that aren’t patched.
- Monitor end points for performance or problems.
- Resolve issues – including non-working hard drives. Any retail system that is down, especially a POS or a kiosk, is a money loser. The faster they are up to speed using the right endpoint management tool, the better.
- Maintain and run antivirus/anti-malware tools. Malware is still the number one way retail systems are compromised. Up-to-date antivirus/anti-malware is the best line of defense.
- Real-time reports to support PCI audits. By ensuring all systems are monitored and in compliance, VSA makes it fast and easy to run real-time auditing reports as needed.
The great news is that all these benefits can be automated, based on predefined policies that you set and manage based on your business’ needs.
AuthAnvil Multi-Factor Authentication
PCI authentication rules have tightened greatly, including the fact that all those that COULD come in touch with credit card holder data MUST have two-factor authentication.
Kaseya AuthAnvil provides two- and multi-factor authentication – as well as the ability to encrypt all user passwords and the data as it is transmitted.
There are two other layers of authentication protection. AuthAnvil includes single sign-on (SSO), which makes it easier for end users to log on securely to multiple services. And password management enforces key issues such as strong passwords, frequently changed passwords, and decommissioning a password when an employee leaves.
Traverse Network and Cloud Monitoring
Kaseya Traverse is a full-featured network monitoring solution that drills into on-premises, cloud or hybrid infrastructure. It can monitor performance so the network and all the services it carries are performing at required service levels.
With Traverse, IT staff can view this complex infrastructure based on service views. So, for example, all the network and datacenter components that support the “Checkout” service can be viewed holistically – no matter how dispersed the components are over the infrastructure. This service-oriented view enables fast root cause analysis, so network and service problems are quickly resolved and don’t hold retail operations up.
Go Deep on Retail Issues
For more on Retail IT top concerns, download Kaseya’s white paper How to Overcome 9 Tough Retail IT Challenges.