Particularly for the retail industry, the staggering amount of payment card theft at the point of sale is a hallmark of 2014. As such, in terms of consumer confidence and loyalty, validated cybersecurity is becoming a market differentiator.
In a post by Tara McGraw Swaminatha and Aravind Swaminathan, both with the DLA Piper law firm, found on the business advisor website JDSupra.com, the writers note that the New York Times has recently reported that:
• Companies are often slow to disclose breaches, in many cases because of the time involved in the investigations that are required immediately.
• Congress is beginning to make inquiries of data breach victim companies.
• Even those companies that have conducted cybersecurity risk assessments still get attacked, often during the course of implementing new solutions to mitigate potential problems and protect their customers’ payment cards or other personal information.
• Former employees can be a source of information to the media about your efforts to investigate and secure your point of sale (POS) systems.
As the only full-service point of sale provider — from software development to franchise incubator to ongoing support — part of Sintel’s commitment to our customers and business community is to share relevant ideas, information and industry news.
The JDSupra.com post, “So You Think You Have a Point of Sale Terminal Problem,” points to no quick fix for the problem. “Even the best intentions, most competent efforts and unlimited budgets cannot fix a problem such as this overnight,” they write. “These fixes take time, and have become an unavoidable symptom of having POS terminals.”
A decrease in brand reputation alone is too high a cost to ignore. The two DLA Piper lawyers’ business advice is that if your company is (very understandably) not equipped to tackle the daunting task of finding and prioritizing vulnerabilities and choosing the best cybersecurity governance and technical plans, find someone who is and consider the following list of actions:
1. Launch a cybersecurity risk assessment, if you have not yet done so.
2. Protect your risk calculations by engaging outside counsel and qualified cybersecurity experts to provide legal risk advice protected by the attorney-client privilege. Keep C-suite executives and Boards of Directors informed. The outside counsel, together with experts, should:
• Educate and advise directors and executives on legal and business risks associated with your company’s particular threats and vulnerabilities.
• Engage a qualified, experienced external cybersecurity team to review technical infrastructure and identify vulnerabilities stratified and prioritized by risk, likelihood of being exploited, and costs and time involved in remedying each one.
• Review the operational procedures across a multi-disciplinary team in your company, which are often overlooked and can have the greatest impact on the overall health of your risk profile.
• Help identify the most sensitive categories of information in your organization and develop data governance procedures tailored to your organization to add yet another layer of protection for your most sensitive assets.
• Regularly remind your team members, including those from third-party vendors engaged by counsel, about privilege and confidentiality obligations.
3. Treat cybersecurity risk assessments and remediation efforts as an iterative process. Constantly review your multi-disciplinary team’s recommendations as they change week-by-week, or day-by-day. Re-evaluate the spend allocated based on updated information about your risk landscape as the investigation and assessment progress.
4. Stay informed about updated regulatory requirements and case law on cybersecurity and privacy. Ensure that stakeholders understand these updates, and charge them with implementing appropriate changes in their domains.
5. Recognize that there is no such thing as perfect security, but that there is a tipping point over which your company will move outside the category of high-risk operations and into a safe zone.
6. Allocate the necessary resources to get the job done — and done well. If your company goes an extra mile in building security policies, procedures and technology that are better than industry standard, you can use your low risk profile as a market differentiator. In addition to reducing litigation and reputational risks, validated strong security will increase customer confidence and loyalty.
7. Review your insurance policies for adequate coverage to address interim risks. While reputational risk cannot be insured against, insurance can be very valuable in the event of a breach.
Read Tara McGraw Swaminatha and Aravind Swaminathan’s full JDSupra.com post here.
For more insights into point of sale security, check out our related posts, “Backoff” Tracking Memory, Taking Credit, Secure Your Payments, Or Pay The Piper, In Loving Memory Of Your Credit Card Data, and The “infostealer.rawpos” Trojan Hides, Covers Tracks.
Just as Sintel shares our vast point of sale experience and expertise with startup owners in order to help them make the best decisions from the very beginning, we are happy to share articles, advice and commentary about retail point of sale and security.
Whether you’re a first-time franchise hopeful, a small business owner or an established chain, it’s always smart to stay on top of the latest point of sale security best practices to achieve financial success.
If you are interested in learning more about Sintel’s point of sale systems and how our knowledge and support can impact your future success, call us for a complimentary phone consultation.
Sintel Systems is the only direct-to-end-user full-service provider of tailored point of sale systems across retail, restaurant and service industries, including frozen yogurt shops, pizzerias, sushi restaurants, cafés and retail stores.
As a single source for business solutions, our experienced, knowledgeable team negotiates the complex POS landscape for you so that you can find the right POS system for your business and budget.