Sometimes it’s a good thing to be in the majority. But the 90% that was mentioned at the RSA Conference 2015 is not a good thing to be a part of. SC Magazine’s Adam Greenberg reported on the problem in his article, “RSA 2015: Point-of-sale system security is lacking.”
Default Passwords Should Be Changed
That 90% was the share of POS terminals still using one vendor’s default password. This particular password has been the default since 1990. How many hackers do you think have figured this out in the last 25 years?
I can imagine that the reason most businesses go with a default password is that it seems easier. It really is more trouble to come up with passwords and then change them regularly, along with all the other layers of security that a business has to think about.
Security Makes A Difference
Consumer confidence includes security because nobody wants to mess with ID theft. But it matters to businesses because we can’t afford it either. We’ve talked about various security issues on this blog because it is essential to online marketing.
I spoke one time to a security expert who said that the weak link in any system is the people. He would come into a business a few times, chat up some different people, and glean details about their security system. Nobody would tell him deliberately, but he could get a little bit from someone, a little bit more from someone else, and build a reasonable theory to start hacking the business.
Then he’d do it, and show the owners why they needed his services. He was a great salesman.
Security Details Keep You In The Right Group
Nobody wants to be in the group of businesses dealing with reputation damage from security breaches. And truly, there can be a security breach that isn’t within your power to prevent. But most of the time, a security breach happens because someone didn’t bother to follow the protocol.
The RSA article ended with these suggestions:
- do not store payment card data on registers
- enforce strong authentication policies
- do not run POS systems as administrator
- keep systems patched and antivirus signatures current
- use strong authentication
- don’t use default passwords
These are not high-tech things, but this lesson goes way past the Point-of-Sale. One of the biggest things you can do to make your site and business effective is pay attention to security details. I think it’s like any other maintenance issue — if you don’t deal with it, eventually it shows and you regret your decision.