Security Insights

Cyber Attacks: An Ever-Present Threat for Small Retailers

Eric Talley 3 Min Read | October 13, 2020
A woman behind glass stares at a computer screen
Cyber Attacks: An Ever-Present Threat for Small Retailers

Things seemed simpler in the days of analog cash registers. As a retailer, your chief concern was internal theft or poor math skills that resulted in incorrect change.

Times have changed, and along with the convenience of tap-to-pay cards (and cash being all but forgotten in the retail space), retailers face new threats that could cause irreparable damage to their business.

There are a whole host of challenges that modern technology has introduced to the retail industry. Instead of losing $15-$20 at a time, your business could be losing valuable customer credit card information that could result in actions taken against you and your business. Hundreds of dollars’ worth of transactions could be lost due to internet connectivity issues. You could be responsible for sensitive employee information being accessed on the dark web. The list goes on.

How are retailers vulnerable to cyber attacks?

Modern point-of-sale (POS) systems are computers. They are connected to a network, and they transfer card information over that same network. What if something malicious on that network is monitoring that activity? Or even something on the POS computer? Malware can sit unnoticed on a machine for months, gathering every keystroke and bit of information that is flowing through.

Imagine reaching out to every customer you’ve had in the past three months and explaining that their credit card information might have been obtained while they were buying something at your store. That likely doesn’t bode well for repeat business.

Our dependency on the internet cuts both ways. While it’s undeniably more convenient than older methods of communication, a dropout in that service can be crippling. Your POS system could stop communicating and cause you to halt card transactions for a period of time. Asking customers if they can pay cash for the items they have selected might hinder business in today’s plastic-dominated culture.

Additionally, during your hiring process, you collect personal information for your employees, including Social Security number, home address, birth date, etc. Where is this information stored? If you have digital copies or a database on-site, this information could be susceptible to a cyber attack as well.

What can you do to stop cyber attacks?

POS systems are likely your main concern, and there are some practices that you can work on to prevent those threats. Continue reading to learn some helpful tips.

Like most computers, there are USB ports on the front of POS machines. Many of us have seen a cashier checking us out with their phone charging on the port of that same machine. Phones can be Trojan horses for a virus, even without that individual knowing it. Plugging those devices in can bypass any firewall that is protecting your network. Your first step is to put a policy in place that restricts this activity.

Speaking of firewall, most people think that their internet service provider offers a firewall through their router or that their anti-virus software covers this. Both of these options are helpful, but they do not fully restrict and monitor the traffic coming onto your network. Viruses and hacker strategies change minute-to-minute, making it incredibly difficult for a standard router firewall to keep up without constant updates. However, some systems monitor these risks and can better protect your system using advanced network analytics.

There are solutions that will protect every device behind the gate that you create, and evaluating their features and benefits are as important as who manages that system for you. Choose a system that not only protects you from the constantly changing threats, but also gives you the capabilities to help your network run more efficiently.

Start taking the necessary steps now to mitigate the risks outlined above, and enjoy the peace of mind that your business can remain safe and profitable in the future.


Disclaimer: By using the Blog section of this website (“Blog”), you agree to the terms of this Disclaimer, including but not limited to the terms of use found here and our privacy policy found here. The information provided on this Blog is for informational purposes only. Such information is not intended to provide advice on your specific security needs nor to provide legal advice. If you would like to speak to a STANLEY Security representative about your specific security needs, please contact us here.