At one point or another, nearly everyone has had a moment of cybersecurity gone wrong. Whether it’s a bit of spyware downloaded from your personal email or a distributed denial of service (DDoS) attack launched against your company’s network, experiences with security threats are not especially rare these days.
But understanding the odds and ends of cyberthreats is something that still eludes the casual computer user. Terms like malware, spyware, DDoS, botnet, advanced persistent threats, we know they’re bad news, but beyond that they’re just jargon used by IT guys and technology pundits. Even those who do claim to understand the nuances of cybersecurity have a tendency to confuse the details or explain them unclearly.
In recent years, cyber security threats to point-of-sale (POS) devices have become a growing area of interest for many of our customers. Given the threats that now face companies handling credit card information – with the resources of small to mid-market businesses – and the new standards of the updated PCI DSS, many of our clients are wisely looking for ways to ensure their POS security practices are as effective as possible.
I recall, not too long ago, one of our clients in the airport restaurant business had installed an airport kiosk POS system and also offered free WiFi which people could browse the web while waiting for their flights. In most cases, securing this service shouldn’t be a problem. However, during lulls in the workday, some employees would sometimes attempt to plug their own personal laptops directly into the access link, thereby circumventing the security gateway measures, such as network access control, IPS, URL filtering, port security, and logging. This poses several issues with physical security, as well as acceptable use policies, etc. The most critical issue is potentially compromising the POS system security and logging altogether. Due to gaps in monitoring processes/capabilities, these issues would often times go unnoticed by the IT staff – when the local area management points this out, it would be a black eye for the IT director
Previously, Ben had blogged about Why Mobile Device Management (MDM) is necessary for today’s enterprises. Today, I would like to touch on how to secure mobile devices. The main two components of securing mobile devices are 1) securing the connection between the mobile device and the corporate network, and 2) securing the device itself.
Securing the Connection