Call Now For IT Support in New York City (718) 377-0922

The Buckle got hacked. Don’t join them.

Malware spent almost 6 months stealing the credit card information of customers at The Buckle, Inc. The Buckle is a clothing chain that operates 450 stores throughout the US. And it turns out that their Point of Sale (POS) system got hacked.

While The Buckle is not sharing any information about how this happened, there are a few things any business should think about. Think of it as a baseline for security.

The first thing is segmentation of your network. It’s good to lock down your POS workstations, but if they’re on the same network as unsecured computers, you might as well not bother. It’s trivial for malware to move from one part of the network to another.

The next thing to think about is access. Who has access to your computers, and what can they do? Can they stick their own USB keys into any computer? Where can they go on the internet? What can they run or install?

How are you securing your perimeter and devices? You should be using multiple layers, at the core, perimeter and each device. The obvious items in this category are anti-virus on your servers and devices, and a good firewall with a filter. Spam filters are another good layer, too, since so much malware gets sent via phishing with dangerous links in email.

The reality is, though, that even with good defenses, you can get hacked. As with your health, the difference between an annoyance and something that can have a huge cost is often early detection. The sooner you find some malware, the better off you are. It means fewer angry customers, fewer fraudulent transactions, fewer compromised accounts, less mess overall.

That’s where monitoring comes in. You want to monitor your defenses. But you also want to monitor behavior. There are some fairly stable patterns in the behavior of your equipment, staff and even customers. If you see something out of line, you need to investigate.
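To make the segmentation and behavior-monitoring points concrete, here is an added Python example (not part of the original post, and not a description of what happened at The Buckle). It learns which destinations POS terminals normally talk to, then flags other internal machines reaching the POS network, POS terminals contacting new destinations, and unusual traffic volume. The subnets, flow records and the 3x threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing plan, constructed for this example.
POS_NET = ipaddress.ip_network("10.20.0.0/24")   # POS terminals
INTERNAL = ipaddress.ip_network("10.0.0.0/8")    # everything in-house
# Constructed flow records: (day, src, dst, dst_port, bytes_sent)
BASELINE = [
    (1, "10.20.0.11", "203.0.113.10", 443, 48_000),  # payment processor
    (1, "10.20.0.12", "203.0.113.10", 443, 51_000),
    (2, "10.20.0.11", "203.0.113.10", 443, 47_500),
    (2, "10.20.0.12", "203.0.113.10", 443, 52_300),
]
TODAY = [
    (3, "10.20.0.11", "203.0.113.10", 443, 49_000),   # normal
    (3, "10.20.0.12", "198.51.100.77", 443, 6_200),   # never seen before
    (3, "10.30.0.45", "10.20.0.11", 445, 12_000),     # office PC reaching a POS
    (3, "10.20.0.12", "203.0.113.10", 443, 400_000),  # far above usual volume
]

def daily_totals(flows):
    totals = defaultdict(int)
    for day, src, dst, port, nbytes in flows:
        totals[(day, src, dst, port)] += nbytes
    return totals

def build_baseline(flows):
    """Peak daily bytes per (src, dst, port) seen in the learning window."""
    peak = {}
    for (_, src, dst, port), total in daily_totals(flows).items():
        peak[(src, dst, port)] = max(peak.get((src, dst, port), 0), total)
    return peak

def review(flows, peak, factor=3):
    """Return (reason, src, dst, port) for every flow worth investigating."""
    alerts = []
    for (_, src, dst, port), total in sorted(daily_totals(flows).items()):
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        src_pos, dst_pos = src_ip in POS_NET, dst_ip in POS_NET
        if dst_pos and not src_pos and src_ip in INTERNAL:
            alerts.append(("segmentation", src, dst, port))
        elif src_pos and (src, dst, port) not in peak:
            alerts.append(("new-destination", src, dst, port))
        elif src_pos and total > factor * peak[(src, dst, port)]:
            alerts.append(("volume", src, dst, port))
    return alerts

if __name__ == "__main__":
    print(*review(TODAY, build_baseline(BASELINE)), sep="\n")
```

Each alert is a prompt to investigate, not proof of compromise.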

If your response is “Who has time for all of this?” you have my sympathies. But that won’t get you out of trouble. What will get you out of trouble is finding someone – or better yet a reputable company – to take on the burden. Get someone to come in and get your security house in order. Then have them monitor your systems. That should keep you out of the mess The Buckle is in.

 

https://krebsonsecurity.com/2017/06/credit-card-breach-at-buckle-stores/
