Take POS (Point of Sale) systems, for example. If you do any retail business, then it’s overwhelmingly likely that you’ve got one, and if its security isn’t up to par, the data belonging to the customers who do business with you is still at risk.
In recent months, we’ve seen a number of high-profile attacks centered on POS systems, because hackers have correctly identified them as the weakest link in the chain. The most common targets to date have been hotel and restaurant chains, but the reality is that anyone who has a POS system installed is at risk.
In most cases involving breaches via this vector, the attack succeeded thanks to compromised login credentials. There are two main paths to success that hackers have been finding. The first is conventional phishing, in which a hacker fools a system user into giving up his or her login credentials. The second, and in some ways the more disturbing of the two, is that in a significant number of instances, the default login credentials established when the system was initially set up were never changed. In metaphoric terms, this is a bit like leaving your front door unlocked and painting a sign above it alerting everyone to that fact.
The lesson here is a simple one. If you’re serious about the security of your customers’ data, then you must do the due diligence necessary to ensure that the POS vendor you’re using is every bit as serious about security as you are.