A data breach with your point-of-sale (POS) system can be devastating. It can cause lost productivity, a damaged reputation, and decreased revenue when customers take their business elsewhere. Bottom line—the impact can be costly.
The 2015 Cost of Data Breach Study conducted by Ponemon Institute found that the average consolidated total cost of a data breach is $3.8 million, representing a 23% increase since 2013. The study also reports that the cost incurred for each lost or stolen record containing sensitive and confidential information increased six percent, from a consolidated average of $145 to $154.
So how can you make sure your POS system is secure?
Review and Identify Vulnerabilities
It’s important that you review your system to identify any vulnerabilities. Consider practicing strict security measures on all on-premises servers, and ensure that only authorized personnel have access to cash registers and other in-store finance systems.
If your company is outsourcing server and software services to a cloud vendor, meaning customer data is being moved off premises, it’s good to review your Service Level Agreement (SLA) consistently. It’s also best practice to review the vendor’s Service Organization Control Report(s) (SOC) available from their last audit. An unqualified opinion from the auditors would indicate, at a minimum, satisfactory controls on the part of the vendor.
Evaluate and Monitor Your Service Level Agreement
A business is expected to ensure its customers’ data is safe at all times, even when that data is managed through a cloud provider.
Businesses should conduct regular reviews to ensure data is being secured as specified. Continue to monitor the vendor’s reputation, current client list and risks. Here are a few questions you should know the answers to:
- How is data encrypted while in transit?
- How is data encrypted while at rest?
- Is there a strict registration process limiting who can sign up for their services?
- How is data backed up and restored in the case of a disaster?
Safeguard Internal Behaviors
It’s also important to realize that data breaches can happen because of employee behaviors. Negligent workers have become more mobile, and sensitive data can be carried around on tablets, phones, flash drives, etc. This increases the risk of lost or stolen data.
Businesses should proactively ensure that devices used are properly secured and safeguarded with passcodes, and any external hard drives should be encrypted and locked down with a password.
In summary, no business is above a data breach. That’s why every business should set up measures to practice data security. This expense may save your business in the long run.