News of a security breach at the Hard Rock Hotel & Casino in Las Vegas has dominated US headlines recently. The latest in a string of hotel breaches saw hackers place malware on the company’s payment system, which enabled them to access customers’ card details, including everything from the card number to the verification code.
The number of potentially impacted cards hasn’t been made public (possibly because Hard Rock simply doesn’t know the extent of the damage), but even if it numbered one, that’s one card too many and proof that POS systems should never be overlooked when it comes to virus and malware protection.
This data breach example in Las Vegas is undeniably high profile and took place within the confines of a large, complex business, but if you run an independent hotel, your property could also be inadvertently leaving numerous back doors open for hackers.
It is vitally important you act now to secure your till system and its connected services, as these are key targets for hackers. And we think we can help with 5 tips you can use to improve the security of your hotel POS system.
1. Implement a POS system!
The most insecure POS systems are the ones that don’t exist. For example, if you’re still operating a simple cash register and standalone card machine, you’re open to many of the more basic forms of fraudulent and criminal activity.
If someone can dip their hand into the till unnoticed, safe in the knowledge that there are no safety measures or metrics for POS usage in place, the fact your basic till is incapable of contracting viruses is largely irrelevant.
Invest in a decent POS system with plenty of security features and user accountability built in. Better still, pick one that can link seamlessly and securely to a Chip and PIN machine.
2. Don’t share logins
Do all staff share the same EPOS login code? Do managers interchange key fobs? If so, and no matter how much you trust your staff, you’re falling at the first hurdle of POS security.
Get rid of default passwords and ensure every staff member has their own form of sign-on that only they know (fingerprint is the ultimate solution here). Doing so will protect both your staff and business immeasurably.
3. Get to know your enemy
A great battle commander knows his enemy. In order to prevent data and security breaches on your hotel’s POS system, you need to know who could be targeting it and their methods for doing so.
Here’s how a hacker may try to gain entry to your system:
- by hunting down default passwords and vendor-supplied login credentials
- by taking advantage of weak or missing firewalls
- by gaining remote access via tools like Microsoft Remote Desktop or LogMeIn
Perhaps more disturbing is the fact that many security breaches take place from within, by hackers who manage to gain temporary employment at targeted businesses. Rather than a reason to create a culture of fear and distrust, this is another reason a security-focused POS system and a set of rules for its use are an absolute must for any hotel.
4. Ensure you are PCI compliant
The PCI Standard is a set of rules governing the handling, storage and transmission of credit card details. It isn’t the easiest of topics to get your head around, but its reason for being and the best practices it demands should absolutely be taken into account when it comes to your POS system.
Your business will face steep penalties if it fails to become PCI compliant, so it pays to check with your POS provider that their system has passed its PCI DSS evaluation.
5. Isolate your POS network
Are your tills running on the same network as your office PCs and guest internet access? If so, you’re opening far too many doors to critical business data. Isolate your POS network by using separate routers and IP ranges for those devices. Your IT contractor or onsite expert will be able to help and there shouldn’t be a requirement to re-wire, you’ll be glad to hear.
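To make the isolation check concrete, here is an added example (not part of the original post or any vendor's tooling) that audits a device list against the IP ranges you have set aside. The segment names, address ranges and device names are constructed assumptions; swap in your own inventory.

```python
import ipaddress

# Constructed sample layout (assumed values, not taken from the post).
SEGMENTS = {
    "pos": "10.10.10.0/24",
    "office": "10.10.20.0/24",
    "guest": "10.10.0.0/19",  # too wide: this range swallows the POS range
}
# (hostname, intended role, address) -- constructed inventory.
DEVICES = [
    ("till-bar", "pos", "10.10.10.11"),
    ("till-restaurant", "pos", "10.10.20.45"),  # till plugged into office LAN
    ("backoffice-pc", "office", "10.10.20.12"),
    ("lobby-kiosk", "guest", "10.10.10.200"),   # guest device in POS range
]


def audit(segments, devices, protected="pos"):
    """Return a list of (finding, name, detail) tuples for isolation gaps."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in segments.items()}
    pos_net = nets[protected]
    findings = []

    # 1. No other segment's range may overlap the POS range.
    for name, net in nets.items():
        if name != protected and net.overlaps(pos_net):
            findings.append(("overlap", name, str(net)))

    # 2. Every till must sit inside the POS range, and nothing else may.
    for host, role, addr in devices:
        inside = ipaddress.ip_address(addr) in pos_net
        if role == protected and not inside:
            findings.append(("pos-outside", host, addr))
        elif role != protected and inside:
            findings.append(("foreign-inside", host, addr))
    return findings


if __name__ == "__main__":
    for finding in audit(SEGMENTS, DEVICES):
        print(finding)
```

An empty result means the address plan is cleanly separated; it does not prove the routers or firewall actually block traffic between the ranges, which your IT contractor should confirm.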
We wish we didn’t have to write posts like this, but we live in a damaged digital society that contains numerous threats capable of striking at any time if proper precautions aren’t taken.
The above is not intended to scare you into spending a fortune on POS systems with military-grade security - you simply don’t need to. What’s needed is some vigilance and a good knowledge of what makes hackers’ lives easier. Follow the tips above to make their job of accessing your POS system so difficult they’ll simply move on to their next target.