Many businesses across Corporate America are now starting to reopen their doors, to both clients and employees. But, COVID19 has taught both CIOs and CISOs alike some especially important lessons regarding security. In this article, we outline some of the steps that companies in the Retail, Healthcare, and Financial industries to take as they try to come back to a sense of some normalcy.
The Retail Sector
There is no doubt that the retail industry has been one of the hardest hit in terms of Cyberattacks. So, what can be done? Here some tips:
*Stop, as much as possible, the threat of Malware from entering your Point of Sale (POS) system:
Keep in mind that a bulk of the threat vectors stem from here. In fact, according to a recent study from IBM, 73% of the POS breaches impacted the Retail industry.
*Fortify your Point of Sale (PoS) systems:
- Deploy some kind antimalware/antivirus package onto each of your PoS systems.
- Continue testing your PoS systems, on a regular basis, to make sure that they do not have any hidden vulnerabilities or weaknesses in them. A good Penetration Test should help you track them down.
- If your business makes use a mobile based PoS app, make sure that that the network connectivity from it and any other communications channel is encrypted as much as possible.
- You should only work with a mobile payment provider that adheres to the highest levels of Cybersecurity, and that will also provide you with the latest software patches and upgrades in a timely manner.
*Ensure that your network infrastructure is as “tight” as possible:
- Make sure that all endpoints are secured with a good Threat Hunting tool.
- Assign network permissions on an as needed basis and give just enough privileges to your employees to do their daily job tasks and not more than that.
- Cyberattackers love to tap into the backdoors of your online store and insert malicious payload through any backdoors that might be present. Therefore, you should implement some sort of change management configuration process so that you will be alerted in real time if any unauthorized changes have been made.
*Protect the domain of your online store:
During the COVID19 crisis, the hijacking of legitimate domains and creating spoofed websites from them has greatly escalated. Here are some tips to protect your valuable domain:
- You should blacklist an domains and/or IP addresses that are known to be malicious in nature.
- Any domain and/or IP whitelists should contain those that are only internal to your company.
- Keep updating your whitelist, and if there is any outdated information/data, it should then be transitioned over to the blacklist.
In our next article, we will examine the security solutions for both the healthcare and the financial sectors.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.