fbpx

Could Your Business Withstand a P.F Chang’s or Target Style Breach?

While the days of the horse-mounted bandit sticking up a postal worker may be over, crime certainly hasn’t gone anywhere – it’s simply become much more sophisticated.  Tommy guns and telephone hacking followed in the decades to come but the majority of consumers’ assets stayed relatively safe, tucked away in safety deposit boxes at banks where tellers could attach a name to a face.

In the last decade, the name has become faceless and that type of information isn’t held just by banks anymore.  Instead of bringing a tommy gun, thieves are now breaching corporate information databases with sophisticated hacking tools and stealing massive amounts of customer information – PF Chang’s and Target are two recent examples of these breaches.

The 90’s conjured up images of a geek with glasses sitting behind multiple computer screens but the present truth is that most breaches take place automatically via malware.  In many cases, the victim is a small to mid-size business brought down from a lackadaisical approach to security with few safeguards protecting them and their customers.  As far back as 2004, small businesses were actively targeted by hackers with the MyDoom virus, the perpetrators understanding slow technological advances in small business.

Malicious Software

MyDoom was one of the first major viruses (or malware) of the budding internet age but many have come and gone since then.  Malware is software designed to exploit known vulnerabilities in a number of different ways.  Viruses like Heartbleed communicate by “pinging” a potential victim and asking their computer to respond.  If the response goes through, the computer can be fooled into providing security information even on a well-protected system.  Even governments aren’t safe from this one, it managed to affect the Canadian Federal Government’s Social Security website, causing massive panic during the 2014 tax return season.

Other malware like Zeus target online banking specifically.  Zeus can make its way onto a computer as a seemingly innocuous email attachment but can contain programs like Cryptlocker which can be used to ransom Bitcoin accounts or banking information stored on personal computer at home or the office.

Even unprepared retailers aren’t safe with malware like BlackPOS around.  This particular program is difficult to detect and is believed to be responsible for the breach at Target and Neiman Marcus earlier this year.  According to an interview by Krebs on Security with security expert Tom Arnold “It’s very much designed for the POS system it’s running on, because it knows exactly where to hook and where the memory location is going to be when the data it’s looking for is flowing through it”.  In lay terms, the program lifts data from payment cards while being harder to detect because of the way it communicates with the POS software.  Certainly a nightmarish situation for any retailer.

How To Protect Yourself

As a consumer, everyone should be aware of how their particular bank detects and handles fraud and security breaches.  It is also important to have basic virus protection like avast! or Microsoft Security Essentials.  Available in America as of 2014, EMV chipped credit cards offer a layer of security that makes it far more difficult for most malware to siphon information.  With massive credit card industry growth from the 1980’s forward, it is estimated that over 80% of Americans own a card and are using them far more often at a wider variety of businesses – all the more reason to acquire a chipped card.

 

When scaling up to small-business sized enterprise, if payments from clients come into play via a POS system, having an integrated firewall becomes necessary.  Most wired and wireless routers will have a built-in firewall but more in-depth solutions like BitDefender go a few steps further in ensuring the integrity of you and your customers’ information.

Target released their CEO as details about their first major attack surfaced, the first major CEO to be let go for lapses in cyber-security.  As security systems become more complex, so do hackers ability to break into those systems that have been outdated much as Target’s system happened to be.  As credit and debit use rises, so does the need for an integrated security system for even the smallest business, an enterprise of any size can be taken down by lax security.  In summary, don’t end up like PF Chang’s – no matter how good the food is, if customers can’t trust you with their information, they’ll find someone else to feed them.

 

sure-1435364_640