In recent years, cyber security threats to point-of-sale (POS) devices have become a growing area of interest for many of our customers. Given the threats that now face companies handling credit card information – with the resources of small to mid-market businesses – and the new standards of the updated PCI DSS, many of our clients are wisely looking for ways to ensure their POS security practices are as effective as possible.

I recall, not too long ago, one of our clients in the airport restaurant business had installed an airport kiosk POS system and also offered free WiFi which people could browse the web while waiting for their flights. In most cases, securing this service shouldn’t be a problem. However, during lulls in the workday, some employees would sometimes attempt to plug their own personal laptops directly into the access link, thereby circumventing the security gateway measures, such as network access control, IPS, URL filtering, port security, and logging. This poses several issues with physical security, as well as acceptable use policies, etc. The most critical issue is potentially compromising the POS system security and logging altogether. Due to gaps in monitoring processes/capabilities, these issues would often times go unnoticed by the IT staff – when the local area management points this out, it would be a black eye for the IT director Read more