AVG.COM.AU
AVG.CO.NZ




Keeping the hackers out of your POS!
Michael McKinnon, AVG Security Advisor
What are we looking at today?




Quick Overview



     1. The Problem

     2. Attack Vectors

     3. Types of Attacks

     4. Solutions



The Problem




Unlike shoplifters, cybercriminals set up camp and stay
there, stealing from retailers for extended periods of time.
PC based POS systems

     • They are cheap, efficient and can be used for multiple
       purposes

     • However, the PC has become the POS security
       “battleground”




Data breaches are still too easy!




                      Source: Verizon Data Breach Investigations Report 2012




Offline retail is the biggest cybercrime target

                 Australian Retail Spend: Offline Retail 96%, Online Retail 4%



                               Source: NAB Online Retail Sales Index – July 2012



Infiltration of POS transaction data

     There are lots of examples in the news…




             Source: www.cio.com.au/article/436663/two_romanians_plead_guilty_point-of-sale_hacking/


Attack Vectors




There are 6 ways cybercriminals can gain entry into your retail
business…
#1. Default passwords
     The user manual says:

     “Step 1. Change the default password”

     BUT, it is far too common that these are not changed, or they’re
     changed to someone else’s “default” password (which is widely
     known)




Which password is the most secure?


     1. E56#av+Yb!

     2. Password123

     3. aaaaaAAAAA#####43

     4. 123456

     5. lucasjames




Answer: aaaaaAAAAA#####43

     But why?

     • 17 characters in length

     • Contains upper and lowercase letters

     • Contains numbers

     • Contains a symbol

     • There are 37 thousand billion billion billion possible
       combinations!



     Learn other tips for creating a secure password here.
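
The arithmetic behind the "37 thousand billion billion billion" figure, as an added example that is not part of the original slides. It goes beyond the slide by scoring all five candidate passwords and by checking each against a list of widely known passwords, the failure mode described under "#1. Default passwords". Assumptions: a 10-symbol punctuation set (giving a 72-character alphabet, which reproduces the slide's number) and a small constructed list of widely known passwords.

```python
import string

# Assumption: a 10-symbol punctuation set. With 26 + 26 letters and 10 digits
# this gives the 72-character alphabet that reproduces the slide's figure.
SYMBOLS = "!@#$%^&*+-"
FULL_ALPHABET = 26 + 26 + 10 + len(SYMBOLS)  # 72

# Constructed sample of widely known passwords (not a real vendor default list).
WIDELY_KNOWN = {"123456", "12345678", "password", "password123", "admin", "qwerty"}


def alphabet_size(password: str) -> int:
    """Size of the alphabet a brute-forcer must cover, by character class used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    # Anything that is not an ASCII letter or digit counts as the symbol class.
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += len(SYMBOLS)
    return size


def search_space(password: str) -> int:
    """Number of candidates of this length over the alphabet the password uses."""
    return alphabet_size(password) ** len(password)


def is_widely_known(password: str) -> bool:
    return password.lower() in WIDELY_KNOWN


def effective_space(password: str) -> int:
    """A widely known password falls to a dictionary guess whatever its length,
    so it is scored as 1 instead of its brute-force search space."""
    return 1 if is_widely_known(password) else search_space(password)


def rank(passwords):
    """Strongest first, by effective search space."""
    return sorted(passwords, key=effective_space, reverse=True)


# The five candidates from the "Which password is the most secure?" slide.
CANDIDATES = ["E56#av+Yb!", "Password123", "aaaaaAAAAA#####43", "123456", "lucasjames"]

if __name__ == "__main__":
    for pw in rank(CANDIDATES):
        flag = "  <- widely known" if is_widely_known(pw) else ""
        print(f"{pw:20} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"brute-force space={search_space(pw):.2e}{flag}")
```

Note that "Password123" has a larger brute-force search space than "E56#av+Yb!" (62^11 against 72^10) yet ranks at the bottom, because it appears on the widely known list.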



#2. Remote desktop access
     • Convenient and very common for providing remote support

     • But, often poorly implemented with weak passwords




#3. Insecure wireless networks
     • Wireless networks are convenient in retail environments; however,
       when they’re poorly configured, they represent a huge security
       risk

     • Data packets can be “sniffed” by nearby attackers




#4. Phishing, spear phishing & whaling
     • Phishing is the sending of specially crafted emails to trick users
       into divulging sensitive information. For example:

     “Click here to see the details of your order” –> (login page)

     • Handling email in a retail setting can be very dangerous!




#5. Social engineering
     • Social engineering means that gaining access to someone’s
       computer only needs to be as hard as gaining their trust!

     • What do you give for a 10th wedding anniversary…?

     “I could have got her to click on anything I wanted!”

     • It’s about customer service vs customer honesty




#6. Physical disclosure
     • Modern retail layouts often remove the traditional
       counter, exposing equipment to theft or tampering

     • Disclosure of the makes and models, or other identifying
       labels, can also compromise retailers

     • Physical loss is the no. 1 risk for secure mobile devices




Types of Attack




Malware and hacking are the most common attack methods used
by cybercriminals.
Common types of attack




                       Source: Verizon Data Breach Investigations Report 2012




Malware & Trojans

     • Common varieties that cause general havoc include
       Fake Antivirus & ransomware

     • Retail / POS specific – “RAM scrapers” (designed to
       exfiltrate transaction data)

     • Remote control Trojan or Rootkit (designed to remain
       hidden for future access)




Hacking
     • When combined with custom written malware, hacking is highly
       targeted and designed to avoid detection and remain in place for a
       long time

     • In 2011, Verizon reported that 81% of incidents utilised some
       form of hacking




Solutions




You may be surprised that security solutions are often simple and
inexpensive.
The solutions are NOT expensive




                        Source: Verizon Data Breach Investigations Report 2012




Tips & suggestions

     1. Use strong passwords and change the default ones

     2. Secure remote access with strong authentication

     3. All wireless networks should use “WPA” or “WPA2”

     4. Avoid spam email – use an Anti-Spam solution

     5. Increase staff awareness of social engineering
        tactics

     6. Use endpoint protection on every device
        (antivirus and anti-malware) – AVG is a good choice!




Follow the money

     • Cybercriminals tend to “follow the money”

     • This means the types of attack are often predictable:
             • Credit card data

             • Private customer information

             • Refund / returns policy

             • Bank accounts

             • Financial processes




Talk to your IT provider & stay in the loop!

     • Ask them: “How are you keeping us secure?”

     • Sign up to vendor notification / update lists

     • Every six months, do a proper review of security




Thank you!



             For even more information on retail security, visit:

                            avg.com.au/POS




                                          facebook.com/avgaunz
               avg.com.au
               avg.co.nz
                                          twitter.com/avgaunz

