It seems like an everyday occurrence: another retailer reports a breach involving the theft of data on millions of customers. Target, P.F. Chang’s, Goodwill, Supervalu, Michaels, UPS Stores…the list goes on and on.
These are not the work of criminal masterminds, but crimes of opportunity. It’s the cyber-equivalent of the guy walking through the parking garage, checking car doors to see if any are unlocked. Start with the easy ones…then go to the ones that are locked and don’t have an alarm. Keep looking…if you don’t see any, then move on to the next garage.
That’s what’s happening in the point-of-sale parking deck. Potential thieves are scanning for unsecured remote access applications or remote access malware. There are a few billion to check, but it’s a numbers game – eventually they’ll happen across an unlocked Mercedes with a briefcase full of cash in the backseat.
We could stack the odds exponentially higher against the bad guys if we just put some simple steps in place.
Rule One: If the world doesn’t need to see it, put it behind an encrypted VPN connection.
Rule Two: If the computer only needs to talk to a limited number of systems on the Internet, then limit the conversation.
Rule Three: Trust someone with the right credentials to observe, monitor, be aware.
So, you’ve locked the doors with your smart key. You’ve tinted the windows so no one can see inside. You have a top-notch alarm system with a corresponding app on your smartphone. Most importantly, there is an alert professional methodically watching the security monitors, ready to act in a prescribed way to counter any imaginable scenario.
Which brings us to Rule Four: Leave Nothing to Chance.
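Rules One and Two can be checked mechanically. The following is an added example, not part of the original article: a Python audit of a point-of-sale terminal's listening services and outbound connections. The VPN subnet, remote access port list, allowlist entries and sample records are all assumptions constructed for illustration.

```python
import ipaddress

# All values below are assumptions constructed for illustration.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")        # hypothetical VPN subnet
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}
EGRESS_ALLOW = [                                      # (network, port) the POS needs
    (ipaddress.ip_network("203.0.113.10/32"), 443),   # payment processor
    (ipaddress.ip_network("198.51.100.0/28"), 443),   # patch server range
]

def audit_listeners(listeners):
    """Rule One: remote access may listen only on loopback or the VPN address."""
    findings = []
    for bind_ip, port in listeners:
        ip = ipaddress.ip_address(bind_ip)
        # A wildcard bind (0.0.0.0) is reachable from every interface, so it fails.
        if port in REMOTE_ACCESS_PORTS and not (ip.is_loopback or ip in VPN_NET):
            findings.append((bind_ip, port, REMOTE_ACCESS_PORTS[port]))
    return findings

def audit_egress(flows):
    """Rule Two: every outbound flow must match an allowlisted (network, port)."""
    findings = []
    for dst_ip, dst_port in flows:
        ip = ipaddress.ip_address(dst_ip)
        if not any(ip in net and dst_port == port for net, port in EGRESS_ALLOW):
            findings.append((dst_ip, dst_port))
    return findings

# Constructed sample records, e.g. as gathered from `ss -tln` and flow logs.
SAMPLE_LISTENERS = [
    ("0.0.0.0", 3389),    # RDP on every interface: violates Rule One
    ("10.8.0.5", 5900),   # VNC bound to the VPN address only: acceptable
    ("127.0.0.1", 22),    # SSH on loopback: acceptable
    ("0.0.0.0", 8080),    # not a remote access port: outside this check
]
SAMPLE_FLOWS = [
    ("203.0.113.10", 443),  # payment processor: allowed
    ("198.51.100.7", 443),  # inside the patch server range: allowed
    ("203.0.113.10", 80),   # right host, wrong port: violates Rule Two
    ("192.0.2.44", 443),    # unknown destination: violates Rule Two
]

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_LISTENERS):
        print("Rule One violation:", finding)
    for finding in audit_egress(SAMPLE_FLOWS):
        print("Rule Two violation:", finding)
```

Findings from a check like this are the kind of signal the person in Rule Three should be watching for.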