Size Doesn’t Matter When it Comes to Data Breaches

    By Heartland

    A recent Emailage report reveals 48 percent of small businesses think they’re not big enough to be a target of online fraud. However, Verizon’s 2018 Data Breach Investigations reported that 61 percent of data breach victims are small businesses.

    While large corporations house large amounts of data, they are also capable of supporting their data center with the necessary protections. Meanwhile, small and mid-sized businesses have valuable records but generally lack network security protections. This makes them the perfect targets for attackers.

    The hospitality industry offers an especially tempting target for hackers looking to steal credit card data. Why? Because it can be easy to exploit unsecured networks, POS systems without defense, guest Wi-Fi, and third-party vendors with network access.

    Protection beyond point of sale

    Card swipes used to be the go-to method of stealing information in the past, before chip cards made it more difficult. Now fraudsters attack the business’ network or computer system, which stores files containing sensitive financial details.

    • Nearly 9 out of every 10 data breaches recorded in hotels and restaurants affected a point-of-sale (POS) system. These intrusions are specifically remote attacks against payment systems.
    • Ninety-three percent of hotel and restaurant breaches compromised information such as credit card and debit card numbers.
    • Mobile apps are another security vulnerability as loyalty programs have moved online and started aggregating all customer data in one place.

    Hacking is the most common form of data breach, followed by malware. Attackers target POS systems by installing malware once they’ve gained access to a hotel or restaurant’s network. This is often done using phishing emails, compromised third party access, or an unsecured Wi-Fi network. The malware can run silently in the background for months or years, copying credit card data from the cards the POS system runs, and sending that information back to the hacker.

    No measure of fraud prevention is too small

    Since most POS systems don’t have built-in security, protecting the network your POS is connected to is extremely important. Furthermore, your network should be segmented to make it more difficult for hackers to get malware onto a POS system in the first place.

    Keep in mind that fraud of any size and form negatively affects your business’ bottom line and reputation. In addition to taking steps to protect your network from intrusion, don’t forget to also transition your POS and terminal to EMV chip cards since your hotel or restaurant is on the hook for charges related to fraudulent credit card transactions.

    No measures of fraud prevention are too small. And no business, regardless of its size, should be complacent. •

    Originally published on the Heartland Blog on September 10, 2019.