As larger companies improve their defenses and resilience against malicious cyber actors, small and medium-size businesses have become an easy target for cybercriminals. By managing your company's cybersecurity, business owners and managers not only help protect their livelihood but also help preserve crucial business and customer information.
Review your firewall configurations and ensure that only allowed ports, services, and Internet protocol (IP) addresses are communicating with your network. This is especially critical for outbound (i.e., egress) firewall rules: a rule set that lets every port communicate with any IP address on the Internet gives a compromised host a ready path out. Hackers leverage this configuration to send data to their systems.
PCI compliance requires that data networks be separate from networks used for processing your credit card information. Segregate your payment processing networks from your other networks. Once you have your card payment network separated, it's easier to control communications and only allow transaction communications with your payment processor. By restricting communications, you can prevent an infected machine from sending your customers' data to malicious actors.
Once your payment data is separated from your regular data network, you should apply Access Control Lists (ACLs) on your router and firewall configurations. Using an ACL will help you limit unauthorized traffic.
Create strict ACLs segmenting public-facing systems and back-end database systems that house payment card data. Your payment processing hardware doesn't need to access all your PCI data. Once the transaction has been processed, the data should be tokenized and made inaccessible from your public-facing systems.
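The egress and segmentation advice above comes down to one property: the payment segment may reach its processor and nothing else, and no "allow any to any" rule undoes that. The following script is an added example (not code from the original article) that evaluates a small first-match ACL against constructed flows and flags any allow rule that opens a segment to the whole Internet. The segment addresses, the processor gateway address (a TEST-NET address standing in for a real one) and the sample flows are all assumptions.

```python
"""Default-deny egress ACL check for a segmented card-payment network.

Added example, not from the original article. Segment names, addresses and
the sample flows below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # CIDR of the source segment
    dst: str              # CIDR of the permitted destination
    port: Optional[int]   # destination TCP port, or None for any port


# Constructed segments: payment terminals live in their own VLAN and may talk
# ONLY to the processor gateway on 443. The final catch-all rule is what turns
# "allow all outbound" into default-deny egress.
PAYMENT_NET = "10.20.0.0/24"
PROCESSOR_GW = "203.0.113.10/32"   # TEST-NET-3 address, placeholder for a processor

ACL = [
    Rule("allow", PAYMENT_NET, PROCESSOR_GW, 443),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]


def evaluate(acl, src_ip, dst_ip, dst_port):
    """Return the action of the first matching rule (first-match semantics)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in acl:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and (r.port is None or r.port == dst_port)):
            return r.action
    return "deny"   # implicit deny when nothing matched


def overly_permissive(acl):
    """Allow rules that let a segment reach any IP on any port: the
    'allow everything outbound' configuration the article warns about."""
    return [r for r in acl if r.action == "allow"
            and ipaddress.ip_network(r.dst).prefixlen == 0
            and r.port is None]


def audit_flows(acl, flows):
    """Evaluate (src, dst, port, note) tuples; return {note: action}."""
    return {note: evaluate(acl, s, d, p) for s, d, p, note in flows}


# Constructed flows: one legitimate transaction, one infected terminal trying
# to push card data to an arbitrary Internet host, two other policy violations.
SAMPLE_FLOWS = [
    ("10.20.0.15", "203.0.113.10", 443, "transaction to processor"),
    ("10.20.0.15", "198.51.100.77", 443, "exfil attempt to unknown host"),
    ("10.20.0.15", "203.0.113.10", 22, "ssh to processor address"),
    ("10.30.0.8", "203.0.113.10", 443, "office PC reaching processor"),
]

if __name__ == "__main__":
    for note, action in audit_flows(ACL, SAMPLE_FLOWS).items():
        print(f"{action:5s}  {note}")
    print("permissive egress rules:", overly_permissive(ACL))
```

Only the first flow is allowed; the exfiltration attempt, the odd port, and the office PC all fall through to the catch-all deny. Swapping the catch-all for an allow-any rule would show up immediately in `overly_permissive`, which is the check to run whenever a firewall rule set is edited.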
Implementing data leakage prevention/detection tools will help you detect and prevent data exfiltration. Email filters can be used to avoid unintentional loss through well-meaning employees who may be trying to "help" a business colleague. Social engineering is the easiest way for someone to gain access to your systems. Through social engineering, well-meaning employees are tricked into believing they are helping a superior and coerced into transferring data and even nightly deposits to malicious actors.
Network administrators should implement tools to detect anomalous network traffic and abnormal behavior by legitimate users with compromised credentials.
We recommend quarantining any new network device for seven to ten days on a separate, fully monitored segment of your network. Quarantining will allow you to watch the traffic traveling to and from your new device, giving you the ability to verify that the device wasn't tampered with before installation.
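What the quarantine period actually produces is a list of every destination the new device talked to, compared against what its vendor says it should talk to; the same per-host summary is the starting point for the anomalous-traffic detection recommended above. The script below is an added example (not the article's own code): it parses constructed flow records, totals bytes sent by the quarantined device per destination, and reports anything not on the expected list. The log format, the device address and the expected-destination list are assumptions.

```python
"""Review traffic from a quarantined device against its expected contacts.

Added example, not part of the original article. The log format, the device
address and the expected-destination list are constructed assumptions.
"""
from collections import defaultdict

# Constructed flow records: "<time> <src> <dst> <dst_port> <bytes>".
# The last two records from the device are a night-time transfer to a host
# the vendor never documented.
FLOW_LOG = """\
2024-05-01T09:00:01 10.99.0.5 203.0.113.20 443 1820
2024-05-01T09:00:02 10.99.0.5 203.0.113.20 443 2200
2024-05-01T09:15:10 10.99.0.5 10.99.0.1 53 90
2024-05-02T03:12:44 10.99.0.5 198.51.100.9 8443 51200
2024-05-02T03:12:50 10.99.0.5 198.51.100.9 8443 49800
2024-05-02T10:01:00 10.10.0.7 203.0.113.20 443 300
"""

QUARANTINED_DEVICE = "10.99.0.5"
# Destinations the vendor documents for updates and licence checks (constructed).
EXPECTED = {("203.0.113.20", 443), ("10.99.0.1", 53)}


def parse_flows(text):
    """Turn the constructed log into a list of dicts; skips blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        flows.append({"time": ts, "src": src, "dst": dst,
                      "port": int(port), "bytes": int(nbytes)})
    return flows


def summarize_device(flows, device):
    """Per-(destination, port) byte totals sent by the quarantined device."""
    totals = defaultdict(int)
    for f in flows:
        if f["src"] == device:
            totals[(f["dst"], f["port"])] += f["bytes"]
    return dict(totals)


def unexpected_contacts(flows, device, expected):
    """Destinations the device reached that are not on the expected list,
    with bytes sent. Surfacing these is the point of the quarantine period."""
    return {k: v for k, v in summarize_device(flows, device).items()
            if k not in expected}


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    for (dst, port), sent in sorted(summarize_device(flows, QUARANTINED_DEVICE).items()):
        print(f"{dst}:{port:<5} {sent:>7} bytes")
    for (dst, port), sent in unexpected_contacts(flows, QUARANTINED_DEVICE, EXPECTED).items():
        print(f"UNEXPECTED {dst}:{port} {sent} bytes sent")
```

The expected list is deliberately an allow-list rather than a block-list: a device that was tampered with before delivery will contact a host nobody has heard of, so the only workable baseline is "everything the vendor documents, and nothing else".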
Assign a strong password to security solutions to prevent application modification. Use two-factor authentication (2FA) where feasible. Don't be afraid to use a passphrase. Passphrases are typically longer than passwords, for added security, and contain multiple words that create a phrase.
Perform a binary or checksum comparison to ensure unauthorized files have not been installed on your POS system. A checksum is a small bit of data that has been calculated from a larger block of data. The smaller block of data is used to find errors or changes in the larger block that may have occurred from one point in time to another. If the data on your system changes, even by a single character, the checksum value will also change.
As an example, if I create a file on my computer named QBF.txt containing the text "The quick brown fox jumped over the lazy dog." the checksum for that file is 5c6ffbdd40d9556b73a21e63c3e0e904. If I then change the text in that file to "The quick brown fox jumped over the lazy dog" (dropping the final period), the checksum changes to 08a008a01d498c404b0c30852b39d3b8. Looking at the checksum, it is immediately obvious that something in the text file has changed. By keeping track of the checksum values for the files in the directory containing your POS software, you'll be able to see when your data has changed.
Most operating systems have the ability to calculate checksum values built into the OS. To compute the MD5 and SHA-1 hash values for a file on Windows 10 with Microsoft's File Checksum Integrity Verifier (FCIV), type the following command at a command line:
FCIV -md5 -sha1 path\filename.ext
For example, to compute the MD5 and SHA-1 hash values for the Shdocvw.dll file in your %Systemroot%\System32 folder, type the following command:
FCIV -md5 -sha1 c:\windows\system32\shdocvw.dll
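FCIV gives you one hash at a time; the comparison the section describes needs a stored baseline of every file in the POS directory and a later pass that reports what was added, removed or modified. The script below is an added example (not the article's code and not the FCIV utility) that does exactly that with Python's standard library, replaying the QBF.txt edit from the text and a dropped-in file inside a temporary directory. The file names and contents are constructed; SHA-256 is used by default, with `algorithm="md5"` or `"sha1"` available if you need to match FCIV's output.

```python
"""Checksum baseline for a POS software directory, with a later comparison.

Added example, not part of the original article and not the FCIV tool it
mentions. The directory contents below are constructed in a temporary folder.
"""
import hashlib
import json
import os
import tempfile


def hash_file(path, algorithm="sha256"):
    """Stream the file through the hash so large binaries never sit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, algorithm="sha256"):
    """Map of relative path -> digest for every file under root."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = hash_file(full, algorithm)
    return baseline


def compare(old, new):
    """Classify differences between a stored baseline and a fresh scan."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo():
    """Constructed scenario: take a baseline, then edit one file and drop in
    another, as an unauthorized install on a POS host would."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "QBF.txt"), "w") as f:
            f.write("The quick brown fox jumped over the lazy dog.")
        with open(os.path.join(root, "pos.exe"), "wb") as f:
            f.write(b"MZ placeholder for the legitimate POS binary")
        before = build_baseline(root)

        with open(os.path.join(root, "QBF.txt"), "w") as f:
            f.write("The quick brown fox jumped over the lazy dog")   # period removed
        with open(os.path.join(root, "helper.dll"), "wb") as f:
            f.write(b"unexpected new file")
        after = build_baseline(root)

        return compare(before, after)


if __name__ == "__main__":
    # In practice: json.dump(build_baseline(pos_dir)) once, keep the file
    # off the POS host, and run compare() against a fresh scan on a schedule.
    print(json.dumps(demo(), indent=2))
```

Keep the stored baseline somewhere the POS host cannot write to; a baseline that lives beside the files it protects can be rewritten by the same actor who replaced the files.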
Remote Desktop Connection is a technology that allows you to use a client computer to access a remote computer in a different location.
Malicious cyber actors (MCAs) are using desktop sharing software to facilitate a range of network intrusion activities. MCAs are using both authorized and unauthorized installations to gain control of victim systems and access to otherwise inaccessible files. Desktop sharing software has multiple legitimate uses, but it can also be exploited through malicious actors' use of social engineering tactics and other illicit measures.
Cyber actors can convince victims to voluntarily download and install desktop sharing software, often under the guise of providing technical support or with the assistance of corrupt insiders. Cyber actors also use stolen credentials to access victim systems through existing desktop sharing installations set up by your IT department or Managed Services Provider. This gives cyber actors complete control over an affected system, enabling them to perform a range of malicious activities.
Business owners are encouraged to use strong passwords to protect Remote Desktop Protocol (RDP) credentials and, whenever possible, to use multi-factor authentication. Auditing remote connection protocol logs, training users to identify and report social engineering, and keeping software up to date are also essential parts of protecting your business from a cyber breach.
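"Auditing remote connection protocol logs" is concrete enough to script. The example below is added here and is not the article's code: it reads a constructed, simplified rendering of Windows Security events 4625 (failed logon) and 4624 (successful logon), restricted to LogonType 10 (RemoteInteractive, i.e. RDP), flags source addresses with a burst of failures, and then reports successful RDP logons that follow such a burst or fall outside business hours. The line format, thresholds, business-hours policy and addresses are assumptions; the event IDs and logon type are the standard Windows values.

```python
"""Audit RDP logon events for password-guessing bursts and off-hours access.

Added example, not part of the original article. The event lines are a
constructed, simplified rendering of Windows Security events 4624 (logon)
and 4625 (failed logon); LogonType 10 is RemoteInteractive (RDP).
"""
from collections import defaultdict
from datetime import datetime, timedelta

EVENTS = """\
2024-05-06T02:10:00 EventID=4625 LogonType=10 Account=admin SourceIP=198.51.100.23
2024-05-06T02:10:04 EventID=4625 LogonType=10 Account=admin SourceIP=198.51.100.23
2024-05-06T02:10:09 EventID=4625 LogonType=10 Account=administrator SourceIP=198.51.100.23
2024-05-06T02:10:15 EventID=4625 LogonType=10 Account=pos SourceIP=198.51.100.23
2024-05-06T02:10:21 EventID=4625 LogonType=10 Account=pos SourceIP=198.51.100.23
2024-05-06T02:11:02 EventID=4624 LogonType=10 Account=pos SourceIP=198.51.100.23
2024-05-06T09:30:00 EventID=4624 LogonType=10 Account=msp-tech SourceIP=203.0.113.5
2024-05-06T09:31:00 EventID=4625 LogonType=3 Account=svc SourceIP=10.0.0.9
"""

FAIL_THRESHOLD = 5              # failures per window that count as a burst (assumed)
WINDOW = timedelta(minutes=10)
BUSINESS_HOURS = range(8, 19)   # 08:00-18:59, a constructed policy


def parse_events(text):
    """Parse '<iso time> key=value ...' lines into dicts with typed fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = {k: v for k, v in (f.split("=", 1) for f in fields)}
        ev["time"] = datetime.fromisoformat(ts)
        ev["EventID"] = int(ev["EventID"])
        ev["LogonType"] = int(ev["LogonType"])
        events.append(ev)
    return events


def rdp_failure_bursts(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Source IPs with at least `threshold` failed RDP logons inside any
    sliding window of length `window`."""
    by_src = defaultdict(list)
    for e in events:
        if e["EventID"] == 4625 and e["LogonType"] == 10:
            by_src[e["SourceIP"]].append(e["time"])
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return flagged


def suspicious_successes(events, bursts, hours=BUSINESS_HOURS):
    """Successful RDP logons that follow a failure burst from the same source
    or that occur outside business hours, with the reasons for each."""
    findings = []
    for e in events:
        if e["EventID"] != 4624 or e["LogonType"] != 10:
            continue
        reasons = []
        if e["SourceIP"] in bursts:
            reasons.append("success after failure burst")
        if e["time"].hour not in hours:
            reasons.append("outside business hours")
        if reasons:
            findings.append((e["time"].isoformat(), e["Account"],
                             e["SourceIP"], reasons))
    return findings


if __name__ == "__main__":
    evs = parse_events(EVENTS)
    bursts = rdp_failure_bursts(evs)
    print("burst sources:", sorted(bursts))
    for finding in suspicious_successes(evs, bursts):
        print(finding)
```

The MSP technician's daytime logon produces no finding, while the 02:11 success for the `pos` account, arriving a minute after five failures from the same address, is reported with both reasons. On a real host the same logic runs over the Security event log export; the constructed format here only stands in for whichever export tool you use.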