AVG.COM.AU
AVG.CO.NZ




Keeping the hackers out of your POS!
Michael McKinnon, AVG Security Advisor
What are we looking at today?




Quick Overview



     1. The Problem
     2. Attack Vectors
     3. Types of Attacks
     4. Solutions



The Problem




Unlike shoplifters, cybercriminals set up camp and stay
there, stealing from retailers for extended periods of time.
PC based POS systems

     • They are cheap, efficient and can be used for multiple
       purposes

     • However, the PC has become the POS security
       “battleground”




Data breaches are still too easy!




                      Source: Verizon Data Breach Investigations Report 2012




Offline retail is the biggest cybercrime target

                 Australian Retail Spend
                  Offline Retail: 96%     Online Retail: 4%

                               Source: NAB Online Retail Sales Index – July 2012



Infiltration of POS transaction data

     There are lots of examples in the news…




             Source: www.cio.com.au/article/436663/two_romanians_plead_guilty_point-of-sale_hacking/


Attack Vectors




There are 6 ways cybercriminals can gain entry into your retail
business…
#1. Default passwords
     The user manual says:

     “Step 1. Change the default password”

     BUT, it is far too common that these are not changed, or they’re
     changed to someone else’s “default” password (which is widely
     known)




Which password is the most secure?


     1. E56#av+Yb!

     2. Password123

     3. aaaaaAAAAA#####43

     4. 123456

     5. lucasjames




Answer: aaaaaAAAAA#####43

     But why?

     • 17 characters in length

     • Contains upper and lowercase letters

     • Contains numbers

     • Contains a symbol

     • There are 37 thousand billion billion billion possible
       combinations!



     Learn other tips for creating a secure password here.
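
Added example, not part of the original slides: a brute-force keyspace estimate for the five quiz passwords, together with a check against widely known passwords of the kind the default-password slide warns about. It reproduces the "37 thousand billion billion billion" figure if the slide counted a pool of 72 characters, which is an assumption since the slide does not state its symbol set; the list of widely known passwords is constructed for illustration.

```python
import string

# Assumption: the slide does not say which symbols it counted. A pool of 10
# symbols (26 lower + 26 upper + 10 digits + 10 symbols = 72) reproduces its figure.
ASSUMED_SYMBOL_COUNT = 10

# Constructed sample of widely known passwords (illustrative, not a real wordlist).
COMMON_PASSWORDS = {"123456", "password", "password123", "admin", "qwerty"}

# The five candidates from the quiz slide.
QUIZ_PASSWORDS = [
    "E56#av+Yb!",
    "Password123",
    "aaaaaAAAAA#####43",
    "123456",
    "lucasjames",
]


def alphabet_size(password):
    """Size of the character pool an exhaustive search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += ASSUMED_SYMBOL_COUNT
    return size


def keyspace(password):
    """Number of candidates of the same length drawn from the same pool."""
    return alphabet_size(password) ** len(password)


def is_widely_known(password):
    """True if the password is on the (constructed) widely known list."""
    return password.lower() in COMMON_PASSWORDS


def rank_by_keyspace(passwords):
    """Return (password, length, pool, keyspace, widely_known), largest keyspace first."""
    rows = [
        (p, len(p), alphabet_size(p), keyspace(p), is_widely_known(p))
        for p in passwords
    ]
    return sorted(rows, key=lambda row: row[3], reverse=True)


if __name__ == "__main__":
    for pw, length, pool, space, known in rank_by_keyspace(QUIZ_PASSWORDS):
        flag = "  <- widely known, guessed without any search" if known else ""
        print(f"{pw:<20} len={length:<3} pool={pool:<3} keyspace={space:.2e}{flag}")
```

Keyspace only measures a blind exhaustive search, which is why the widely known check is reported separately: "Password123" has a larger keyspace than "E56#av+Yb!" because it is one character longer, yet it sits on every common-password list.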



#2. Remote desktop access
     • Convenient and very common for providing remote support

     • But, often poorly implemented with weak passwords




#3. Insecure wireless networks
     • Wireless networks are convenient in retail environments, however
       when they’re poorly configured, they represent a huge security
       risk

     • Data packets can be “sniffed” by nearby attackers




#4. Phishing, spear phishing & whaling
     • Phishing is the sending of specially crafted emails to trick users
       into divulging sensitive information. For example:

     “Click here to see the details of your order” –> (login page)

     • Handling email in a retail setting can be very dangerous!




#5. Social engineering
     • Social engineering means that gaining access to someone’s
       computer only needs to be as hard as gaining their trust!

     • What do you give for a 10th wedding anniversary…?

     “I could have got her to click on anything I wanted!”

     • It’s about customer service vs customer honesty




#6. Physical disclosure
     • Modern retail layouts often remove the traditional
       counter, exposing equipment to theft or tampering

     • Disclosure of the makes and models, or other identifying
       labels, can also compromise retailers

     • Physical loss is the no. 1 risk for secure mobile devices




Types of Attack




Malware and hacking are the most common attack methods used
by cybercriminals.
Common types of attack




                       Source: Verizon Data Breach Investigations Report 2012




Malware & Trojans

     • Common varieties that cause general havoc include
       Fake Antivirus & ransomware

     • Retail / POS specific – “RAM scrapers” (designed to
       exfiltrate transaction data)

     • Remote control Trojan or Rootkit (designed to remain
       hidden for future access)




Hacking
     • When combined with custom-written malware, hacking is highly
       targeted and designed to avoid detection and remain in place for a
       long time

     • In 2011, Verizon reported that 81% of incidents utilised some
       form of hacking




Solutions




You may be surprised that security solutions are often simple and
inexpensive.
The solutions are NOT expensive




                        Source: Verizon Data Breach Investigations Report 2012




Tips & suggestions

     1. Use strong passwords and change the default ones

     2. Secure remote access with strong authentication

     3. All wireless networks should use “WPA” or “WPA2”

     4. Avoid spam email – use an Anti-Spam solution

     5. Increase staff awareness of social engineering
        tactics

     6. Use endpoint protection on every device
        (antivirus and anti-malware) – AVG is a good choice!




Follow the money

     • Cybercriminals tend to “follow the money”

     • This means the types of attack are often predictable:
             • Credit card data

             • Private customer information

             • Refund / returns policy

             • Bank accounts

             • Financial processes




Talk to your IT provider & stay in the loop!

     • Ask them: “How are you keeping us secure?”

     • Sign up to vendor notification / update lists

     • Every six months, do a proper review of security




Thank you!



             For even more information on retail security, visit:

                            avg.com.au/POS




                                          facebook.com/avgaunz
               avg.com.au
               avg.co.nz
                                          twitter.com/avgaunz


AVG.COM.AU                                                          AVG.CO.NZ

More Related Content

What's hot

Cybersecurity Fundamentals for Bar Associations
Cybersecurity Fundamentals for Bar AssociationsCybersecurity Fundamentals for Bar Associations
Cybersecurity Fundamentals for Bar AssociationsNowSecure
 
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...NowSecure
 
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeExtreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeEC-Council
 
Sectechbiz Is A Uae Based Company
Sectechbiz Is A Uae Based CompanySectechbiz Is A Uae Based Company
Sectechbiz Is A Uae Based CompanySectechbiz
 
Mobile Banking Channel Security - Cyber Security Conference 2011
Mobile Banking Channel Security - Cyber Security Conference 2011Mobile Banking Channel Security - Cyber Security Conference 2011
Mobile Banking Channel Security - Cyber Security Conference 2011Filip Maertens
 
Making your Asterisk System Secure
Making your Asterisk System SecureMaking your Asterisk System Secure
Making your Asterisk System SecureDigium
 
The Safest Way To Interact Online
The Safest Way To Interact OnlineThe Safest Way To Interact Online
The Safest Way To Interact Onlinepcsafe
 
Security Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsSecurity Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsJoshua Berman
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management ProcessBill Ross
 
Top 10 Cyber Security Tips for SMEs
Top 10 Cyber Security Tips for SMEsTop 10 Cyber Security Tips for SMEs
Top 10 Cyber Security Tips for SMEsDarraghCommsec
 
The Evolution of Cyber Attacks
The Evolution of Cyber AttacksThe Evolution of Cyber Attacks
The Evolution of Cyber AttacksVenafi
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate ITPeter Wood
 
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Mark Evertz
 
Cyber Espionage: Are You Being Hunted?
Cyber Espionage: Are You Being Hunted?Cyber Espionage: Are You Being Hunted?
Cyber Espionage: Are You Being Hunted?5 Minute Webinars
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Unsafe at Any Speed: 7 Dirty Secrets of the Security Industry
Unsafe at Any Speed: 7 Dirty Secrets of the Security IndustryUnsafe at Any Speed: 7 Dirty Secrets of the Security Industry
Unsafe at Any Speed: 7 Dirty Secrets of the Security Industrydigitallibrary
 

What's hot (20)

Cybersecurity Fundamentals for Bar Associations
Cybersecurity Fundamentals for Bar AssociationsCybersecurity Fundamentals for Bar Associations
Cybersecurity Fundamentals for Bar Associations
 
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...
Mobile App Crashworthiness - Securing Vehicle-to-Device (V2D) Interfaces and ...
 
Maritime Cyber Security
Maritime Cyber SecurityMaritime Cyber Security
Maritime Cyber Security
 
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne BurkeExtreme Hacking: Encrypted Networks SWAT style - Wayne Burke
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke
 
Sectechbiz Is A Uae Based Company
Sectechbiz Is A Uae Based CompanySectechbiz Is A Uae Based Company
Sectechbiz Is A Uae Based Company
 
Mobile Banking Channel Security - Cyber Security Conference 2011
Mobile Banking Channel Security - Cyber Security Conference 2011Mobile Banking Channel Security - Cyber Security Conference 2011
Mobile Banking Channel Security - Cyber Security Conference 2011
 
Making your Asterisk System Secure
Making your Asterisk System SecureMaking your Asterisk System Secure
Making your Asterisk System Secure
 
One of 2 protect your business
One of 2 protect your businessOne of 2 protect your business
One of 2 protect your business
 
The Safest Way To Interact Online
The Safest Way To Interact OnlineThe Safest Way To Interact Online
The Safest Way To Interact Online
 
Security Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsSecurity Kung Fu: Firewall Logs
Security Kung Fu: Firewall Logs
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management Process
 
Top 10 Cyber Security Tips for SMEs
Top 10 Cyber Security Tips for SMEsTop 10 Cyber Security Tips for SMEs
Top 10 Cyber Security Tips for SMEs
 
Web security 2012
Web security 2012Web security 2012
Web security 2012
 
BYOD and Your Business
BYOD and Your BusinessBYOD and Your Business
BYOD and Your Business
 
The Evolution of Cyber Attacks
The Evolution of Cyber AttacksThe Evolution of Cyber Attacks
The Evolution of Cyber Attacks
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
 
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
Cyberjutitsu101coleevertzfinal 1296250763392-phpapp02
 
Cyber Espionage: Are You Being Hunted?
Cyber Espionage: Are You Being Hunted?Cyber Espionage: Are You Being Hunted?
Cyber Espionage: Are You Being Hunted?
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Unsafe at Any Speed: 7 Dirty Secrets of the Security Industry
Unsafe at Any Speed: 7 Dirty Secrets of the Security IndustryUnsafe at Any Speed: 7 Dirty Secrets of the Security Industry
Unsafe at Any Speed: 7 Dirty Secrets of the Security Industry
 

Viewers also liked

Nclb ayp compass pp
Nclb ayp compass ppNclb ayp compass pp
Nclb ayp compass ppILESCRS
 
Redes sociales en la educación
Redes sociales en la educaciónRedes sociales en la educación
Redes sociales en la educaciónAndrea Ludeña
 
How To Be Facebook Friends With The Boss & Keep Your Job
How To Be Facebook Friends With The Boss & Keep Your JobHow To Be Facebook Friends With The Boss & Keep Your Job
How To Be Facebook Friends With The Boss & Keep Your JobAVG Technologies AU
 
Autobiography
AutobiographyAutobiography
Autobiographyjfaloon15
 
The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityAVG Technologies AU
 
Innovative Rural outdoor advertising Jagat creative solutions pvt.ltd.
Innovative Rural outdoor advertising Jagat creative solutions pvt.ltd.Innovative Rural outdoor advertising Jagat creative solutions pvt.ltd.
Innovative Rural outdoor advertising Jagat creative solutions pvt.ltd.Manish Bhanji
 
танилцуулга
танилцуулгатанилцуулга
танилцуулгаNarantuya_1973
 
τι ωραία τι χαρά
τι ωραία τι χαράτι ωραία τι χαρά
τι ωραία τι χαράMatina Kallitsari
 
Scientific writing masterclass 2011
Scientific writing masterclass 2011Scientific writing masterclass 2011
Scientific writing masterclass 2011Kelly Chan
 
Cloud Native Streaming and Event-Driven Microservices
Cloud Native Streaming and Event-Driven MicroservicesCloud Native Streaming and Event-Driven Microservices
Cloud Native Streaming and Event-Driven Microservicesmarius_bogoevici
 
Emerging Threats and Trends in Online Security
Emerging Threats and Trends in Online SecurityEmerging Threats and Trends in Online Security
Emerging Threats and Trends in Online SecurityAVG Technologies AU
 
Summer training project report on fluctuation of indian stock market
Summer training project report on fluctuation of indian stock marketSummer training project report on fluctuation of indian stock market
Summer training project report on fluctuation of indian stock marketshailehpalrecha
 

Viewers also liked (17)

Nclb ayp compass pp
Nclb ayp compass ppNclb ayp compass pp
Nclb ayp compass pp
 
Redes sociales en la educación
Redes sociales en la educaciónRedes sociales en la educación
Redes sociales en la educación
 
How To Be Facebook Friends With The Boss & Keep Your Job
How To Be Facebook Friends With The Boss & Keep Your JobHow To Be Facebook Friends With The Boss & Keep Your Job
How To Be Facebook Friends With The Boss & Keep Your Job
 
Autobiography
AutobiographyAutobiography
Autobiography
 
The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our Community
 
Asteroïden
AsteroïdenAsteroïden
Asteroïden
 
Protocolo
Protocolo Protocolo
Protocolo
 
Innovative Rural outdoor advertising Jagat creative solutions pvt.ltd.
Innovative Rural outdoor advertising Jagat creative solutions pvt.ltd.Innovative Rural outdoor advertising Jagat creative solutions pvt.ltd.
Innovative Rural outdoor advertising Jagat creative solutions pvt.ltd.
 
танилцуулга
танилцуулгатанилцуулга
танилцуулга
 
Kermit the frog
Kermit the frogKermit the frog
Kermit the frog
 
τι ωραία τι χαρά
τι ωραία τι χαράτι ωραία τι χαρά
τι ωραία τι χαρά
 
Social studies
Social studiesSocial studies
Social studies
 
Scientific writing masterclass 2011
Scientific writing masterclass 2011Scientific writing masterclass 2011
Scientific writing masterclass 2011
 
Cloud Native Streaming and Event-Driven Microservices
Cloud Native Streaming and Event-Driven MicroservicesCloud Native Streaming and Event-Driven Microservices
Cloud Native Streaming and Event-Driven Microservices
 
Emerging Threats and Trends in Online Security
Emerging Threats and Trends in Online SecurityEmerging Threats and Trends in Online Security
Emerging Threats and Trends in Online Security
 
Summer training project report on fluctuation of indian stock market
Summer training project report on fluctuation of indian stock marketSummer training project report on fluctuation of indian stock market
Summer training project report on fluctuation of indian stock market
 
saras dairy ajmer
saras dairy ajmersaras dairy ajmer
saras dairy ajmer
 

Similar to Keeping hackers out of your POS!

eSecurity! Keeping your Business and Customers Safe
eSecurity! Keeping your Business and Customers SafeeSecurity! Keeping your Business and Customers Safe
eSecurity! Keeping your Business and Customers SafeAVG Technologies AU
 
Keeping your business safe online cosy club
Keeping your business safe online cosy clubKeeping your business safe online cosy club
Keeping your business safe online cosy clubGet up to Speed
 
Security&reliability
Security&reliabilitySecurity&reliability
Security&reliabilitycaca1009
 
Computing on the Move - Mobile Security
Computing on the Move - Mobile SecurityComputing on the Move - Mobile Security
Computing on the Move - Mobile SecurityAVG Technologies AU
 
Cyber-Leave-Behind-Brochure-Done (1)
Cyber-Leave-Behind-Brochure-Done (1)Cyber-Leave-Behind-Brochure-Done (1)
Cyber-Leave-Behind-Brochure-Done (1)Sam Norallah
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryInvincea, Inc.
 
Dont Let Data And Business Assets Slip Out The Back Door Cm101243
Dont Let Data And Business Assets Slip Out The Back Door Cm101243Dont Let Data And Business Assets Slip Out The Back Door Cm101243
Dont Let Data And Business Assets Slip Out The Back Door Cm101243Erik Ginalick
 
Insecurity in security products 2013
Insecurity in security products 2013Insecurity in security products 2013
Insecurity in security products 2013DaveEdwards12
 
Why current security solutions fail
Why current security solutions failWhy current security solutions fail
Why current security solutions failDaveEdwards12
 
Man in the Browser attacks on online banking transactions
Man in the Browser attacks on online banking transactionsMan in the Browser attacks on online banking transactions
Man in the Browser attacks on online banking transactionsDaveEdwards12
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security SeminarJeremy Quadri
 
E commerce- securing the business on internet
E commerce- securing the business on internetE commerce- securing the business on internet
E commerce- securing the business on internetSandhi Shivanya
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Programdavidcurriecia
 
Cyber security awareness for end users
Cyber security awareness for end usersCyber security awareness for end users
Cyber security awareness for end usersNetWatcher
 
Check-Computer-Networks-to-Ensure-Safe-Operation-Johua-2nd.pptx
Check-Computer-Networks-to-Ensure-Safe-Operation-Johua-2nd.pptxCheck-Computer-Networks-to-Ensure-Safe-Operation-Johua-2nd.pptx
Check-Computer-Networks-to-Ensure-Safe-Operation-Johua-2nd.pptxkris harden
 
Spiceworld 2011 - AppRiver breakout session
Spiceworld 2011 - AppRiver breakout sessionSpiceworld 2011 - AppRiver breakout session
Spiceworld 2011 - AppRiver breakout sessionShane Rice
 
Make Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your FavorMake Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your FavorDavid Perkins
 

Similar to Keeping hackers out of your POS! (20)

eSecurity! Keeping your Business and Customers Safe
eSecurity! Keeping your Business and Customers SafeeSecurity! Keeping your Business and Customers Safe
eSecurity! Keeping your Business and Customers Safe
 
Keeping your business safe online cosy club
Keeping your business safe online cosy clubKeeping your business safe online cosy club
Keeping your business safe online cosy club
 
Secure End User
Secure End UserSecure End User
Secure End User
 
Security&reliability
Security&reliabilitySecurity&reliability
Security&reliability
 
Computing on the Move - Mobile Security
Computing on the Move - Mobile SecurityComputing on the Move - Mobile Security
Computing on the Move - Mobile Security
 
Digital Security and Hygiene.pptx
Digital Security and Hygiene.pptxDigital Security and Hygiene.pptx
Digital Security and Hygiene.pptx
 
Cyber-Leave-Behind-Brochure-Done (1)
Cyber-Leave-Behind-Brochure-Done (1)Cyber-Leave-Behind-Brochure-Done (1)
Cyber-Leave-Behind-Brochure-Done (1)
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail Industry
 
Dont Let Data And Business Assets Slip Out The Back Door Cm101243
Dont Let Data And Business Assets Slip Out The Back Door Cm101243Dont Let Data And Business Assets Slip Out The Back Door Cm101243
Dont Let Data And Business Assets Slip Out The Back Door Cm101243
 
Insecurity in security products 2013
Insecurity in security products 2013Insecurity in security products 2013
Insecurity in security products 2013
 
Why current security solutions fail
Why current security solutions failWhy current security solutions fail
Why current security solutions fail
 
Man in the Browser attacks on online banking transactions
Man in the Browser attacks on online banking transactionsMan in the Browser attacks on online banking transactions
Man in the Browser attacks on online banking transactions
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security Seminar
 
E commerce- securing the business on internet
E commerce- securing the business on internetE commerce- securing the business on internet
E commerce- securing the business on internet
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
 
Cyber security awareness for end users
Cyber security awareness for end usersCyber security awareness for end users
Cyber security awareness for end users
 
Check-Computer-Networks-to-Ensure-Safe-Operation-Johua-2nd.pptx
Check-Computer-Networks-to-Ensure-Safe-Operation-Johua-2nd.pptxCheck-Computer-Networks-to-Ensure-Safe-Operation-Johua-2nd.pptx
Check-Computer-Networks-to-Ensure-Safe-Operation-Johua-2nd.pptx
 
Spiceworld 2011 - AppRiver breakout session
Spiceworld 2011 - AppRiver breakout sessionSpiceworld 2011 - AppRiver breakout session
Spiceworld 2011 - AppRiver breakout session
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?
 
Make Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your FavorMake Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your Favor
 

Recently uploaded

8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadAyesha Khan
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africaictsugar
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfpollardmorgan
 

Recently uploaded (20)

8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR

Keeping hackers out of your POS!

  • 1. AVG.COM.AU AVG.CO.NZ Keeping the hackers out of your POS! Michael McKinnon, AVG Security Advisor
  • 2. What are we looking at today?
  • 3. Quick Overview: 1. The Problem 2. Attack Vectors 3. Types of Attacks 4. Solutions
  • 4. The Problem: Unlike shoplifters, cybercriminals set up camp and stay there, stealing from retailers for extended periods of time.
  • 5. PC based POS systems • They are cheap, efficient and can be used for multiple purposes • However, the PC has become the POS security “battleground”
  • 6. Data breaches are still too easy! Source: Verizon Data Breach Investigations Report 2012
  • 7. Offline retail is the biggest cybercrime target. Australian Retail Spend: Offline Retail, Online Retail; 4%, 96%. Source: NAB Online Retails Sales Index – July 2012
  • 8. Infiltration of POS transaction data: There are lots of examples in the news… Source: www.cio.com.au/article/436663/two_romanians_plead_guilty_point-of-sale_hacking/
  • 9. Attack Vectors: There are 6 ways cybercriminals can gain entry into your retail business…
  • 10. #1. Default passwords. The user manual says: “Step 1. Change the default password” BUT, it is far too common that these are not changed, or they’re changed to someone else’s “default” password (which is widely known)
  • 11. Which password is the most secure? 1. E56#av+Yb! 2. Password123 3. aaaaaAAAAA#####43 4. 123456 5. lucasjames
  • 12. Answer: aaaaaAAAAA#####43 But why? • 17 characters in length • Contains upper and lowercase letters • Contains numbers • Contains a symbol • There are 37 thousand billion billion billion possible combinations! Learn other tips for creating a secure password here.
  • 13. #2. Remote desktop access • Convenient and very common for providing remote support • But, often poorly implemented with weak passwords
  • 14. #3. Insecure wireless networks • Wireless networks are convenient in retail environments; however, when they’re poorly configured, they represent a huge security risk • Data packets can be “sniffed” by nearby attackers
  • 15. #4. Phishing, spear phishing & whaling • Phishing is the sending of specially crafted emails to trick users into divulging sensitive information. For example: “Click here to see the details of your order” -> (login page) • Handling email in a retail setting can be very dangerous!
  • 16. #5. Social engineering • Social engineering means that gaining access to someone’s computer only needs to be as hard as gaining their trust! • What do you give for a 10th wedding anniversary…? “I could have got her to click on anything I wanted!” • It’s about customer service vs customer honesty
  • 17. #6. Physical disclosure • Modern retail layouts often remove the traditional counter, exposing equipment to theft or tampering • Disclosure of the makes and models, or other identifying labels, can also compromise retailers • Physical loss is the no. 1 risk for secure mobile devices
  • 18. Types of Attack: Malware and hacking are the most common attack methods used by cybercriminals.
  • 19. Common types of attack. Source: Verizon Data Breach Investigations Report 2012
  • 20. Malware & Trojans • Common varieties that cause general havoc include Fake Antivirus & ransomware • Retail / POS specific – “RAM scrapers” (designed to exfiltrate transaction data) • Remote control Trojan or Rootkit (designed to remain hidden for future access)
  • 21. Hacking • When combined with custom written malware, hacking is highly targeted and designed to avoid detection and remain in place for a long time • In 2011, Verizon reported that 81% of incidents utilised some form of hacking
  • 22. Solutions: You may be surprised that security solutions are often simple and inexpensive.
  • 23. The solutions are NOT expensive. Source: Verizon Data Breach Investigations Report 2012
  • 24. Tips & suggestions 1. Use strong passwords and change the default ones 2. Secure remote access with strong authentication 3. All wireless networks should use “WPA” or “WPA2” 4. Avoid spam email – use an Anti-Spam solution 5. Increase staff awareness of social engineering tactics 6. Use endpoint protection on every device (antivirus and anti-malware) – AVG is a good choice!
  • 25. Follow the money • Cybercriminals tend to “follow the money” • This means the types of attack are often predictable: • Credit card data • Private customer information • Refund / returns policy • Bank accounts • Financial processes
  • 26. Talk to your IT provider & stay in the loop! • Ask them: “How are you keeping us secure?” • Sign up to vendor notification / update lists • Every six months, do a proper review of security
  • 27. Thank you! For even more information on retail security, visit: avg.com.au/POS facebook.com/avgaunz avg.com.au avg.co.nz twitter.com/avgaunz
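
The arithmetic behind slides 11 and 12, as an added example that is not part of the original deck: it counts the exhaustive-search space for each candidate password and also checks each one against a list of widely known passwords, the failure slide 10 warns about. The 10-symbol pool and the `WIDELY_KNOWN` sample list are assumptions made for this example.

```python
import string

# Candidate passwords from slide 11.
CANDIDATES = ["E56#av+Yb!", "Password123", "aaaaaAAAAA#####43", "123456", "lucasjames"]

# Assumption (not from the deck): 10 usable symbols, so a password drawing on
# all four character classes has a 26 + 26 + 10 + 10 = 72 character pool.
SYMBOL_POOL = 10

# Constructed sample of widely known passwords; a real audit would load a
# published breach wordlist instead.
WIDELY_KNOWN = {"123456", "password123", "admin", "letmein"}


def pool_size(password):
    """Alphabet size implied by the character classes the password uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += SYMBOL_POOL
    return size


def search_space(password):
    """Upper bound on exhaustive-search guesses: pool_size ** length."""
    return pool_size(password) ** len(password)


def is_widely_known(password):
    """True if the password appears in the wordlist, whatever its length."""
    return password.lower() in WIDELY_KNOWN


def rank(passwords):
    """Strongest first: wordlist hits sink to the bottom, then by search space."""
    return sorted(passwords, key=lambda p: (not is_widely_known(p), search_space(p)), reverse=True)


if __name__ == "__main__":
    for pw in rank(CANDIDATES):
        flag = "WIDELY KNOWN" if is_widely_known(pw) else ""
        print(f"{pw:18} len={len(pw):2} pool={pool_size(pw):2} space={search_space(pw):.2e} {flag}")
```

With the 72-character pool, the 17-character answer comes to about 3.75 × 10^31, in line with the deck's "37 thousand billion billion billion". By raw count alone Password123 would outrank E56#av+Yb!, which is why the wordlist check is part of the ranking.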