A report by Bank Info Security delivers another blow regarding point-of-sale systems: Information Systems & Supplies Inc., a major food-service POS and security systems provider, has been hacked. Turns out, the company was breached via remote access on…
- February 28, 2014.
- March 5, 2014.
- April 18, 2014.
While it’s heartening to know that the company has done a thorough enough investigation to determine exact breach dates, it doesn’t change the result. The compromise has likely exposed customer credit card information for the food businesses that use the POS service provider. (Their clientele includes big names such as Dairy Queen and TacoTime.) Though none of Information Systems & Supplies Inc.’s customers has reported any data loss so far, it may just be a matter of time. The exact aftermath of a breach often takes a while to surface because criminals sell or store the compromised financial data to use at a later date.
So what does this breach mean for your small restaurant, bakery, or bar?
Reminder: POS Systems Are the Weak Link
Security experts think the main reason for the Information Systems & Supplies Inc. POS hack has to do with a weak authentication protocol. To right the wrong, the company changed the system to require two-factor authentication for access.
But is weak authentication the only reason why hackers target POS systems? Does that explain why, according to the Verizon Data Breach Investigations Report for 2014, 75 percent of data security incidents in the food services industry happen at the point of sale – more than double the POS intrusions retail stores face?
As with so many problems, the answer is multifaceted. POS systems are often targeted because…
- They have weak security measures.
- The software isn’t regularly updated.
- Some smaller third-party companies that maintain the systems don’t have a full-time IT person on staff.
You may think that outsourcing your POS services to a third party can help limit your liability for data breaches, but in truth, the heat can still fall on your business. Customers can sue your food business over the breach, and to recoup your losses, you may have to turn around and sue the POS service provider – a sour undertaking for everyone involved.
Keeping Your POS System Safe
Though there’s no way to entirely remove your data breach vulnerabilities or bulletproof your system, there are a few ways to reduce your risks. Here are some tips:
- Update your POS software regularly. If you don’t outsource the service, all the security maintenance falls on you.
- Use two-factor authentication to access systems (if applicable). If you manage your own system, make sure that anyone who accesses it must enter both a password and a one-time code to view the stored information. If you outsource your POS services, be sure to ask the company about their authentication process.
- Know that outsourcing POS services doesn’t get you off the hook. If you contract with a third-party POS service provider, know that you can still be held responsible for breaches on their systems. As far as your customers are concerned, you should do everything in your power to protect their financial information, and a court may agree. Even if liability ultimately falls on the third-party provider, you’re still responsible for notifying affected parties about the breach and offering credit-monitoring services, according to most states’ data breach laws. Which brings us to the next point…
- Carry Cyber Liability Insurance. Cyber Liability Insurance can’t eliminate your cyber risks, but it can offer you the resources to handle the fallout once those risks become realities. First-party response coverage can pay for the cost of data breach notification, credit-monitoring services, and PR measures to rebuild your reputation. A third-party defense policy can help pay for your legal expenses (e.g., attorney fees and settlements) when your business is sued over a data breach.
To learn more about POS data breaches and prevention tips, read our post, “75% Of Restaurant Data Breaches Are from Point-of-Sale Hacks.”