But any business, including third-party vendors that serve stores' POS systems, can take measures to block POS malware attacks. First, they should assign strong passwords to remote access software and to the PCs that house this software. By using longer, stronger passwords that are not common and that no one in the organization has previously used, companies can circumvent the password dictionaries inside brute force attack software. Employees should not document, share, or disclose any passwords. It is a good idea for these vendors to update passwords regularly. "Two-factor authentication methods increase the security of passwords that attackers can compromise," says Sigler.
Third-party vendors should use only select computers set aside for technical support to connect to POS systems with remote access software. Only authorized personnel should be able to access these computers. No one should use these computers for web browsing or for any purpose other than the one the company intends. A good firewall should help with that.
To detect POS malware, POS system vendors should monitor outbound network traffic and any traffic intended for systems outside their control, according to Sigler.
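The outbound monitoring described above can start as an allowlist check over flow or firewall logs. The following is an added example, not code from the article or from Sigler; the POS subnet, the allowed destination ranges, the log format and the sample records are all constructed assumptions.

```python
import ipaddress

# Assumptions (not from the article): POS terminals sit in 10.20.0.0/24 and
# may only reach each other, the payment processor and one vendor support host.
POS_NET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_DESTS = [
    ipaddress.ip_network("10.20.0.0/24"),     # POS / back-office segment
    ipaddress.ip_network("198.51.100.0/28"),  # payment processor (placeholder range)
    ipaddress.ip_network("192.0.2.10/32"),    # vendor support host (placeholder)
]

# Constructed sample flow records: "timestamp src dst dport bytes_out"
SAMPLE_LOG = """\
2024-01-01T02:00:01 10.20.0.11 198.51.100.5 443 1840
2024-01-01T02:00:07 10.20.0.11 10.20.0.2 445 900
2024-01-01T02:03:15 10.20.0.12 203.0.113.77 21 482113
2024-01-01T02:03:40 10.30.0.9 203.0.113.77 443 1200
malformed line here
2024-01-01T02:09:02 10.20.0.12 203.0.113.77 21 511020
"""

def is_allowed(dst):
    return any(dst in net for net in ALLOWED_DESTS)

def find_unexpected_egress(log_text):
    """Aggregate POS-sourced flows whose destination is not allowlisted.

    Returns {(src, dst, port): {"flows": n, "bytes": total}}.
    """
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the expected format
        _, src_s, dst_s, port_s, bytes_s = parts
        try:
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            port, nbytes = int(port_s), int(bytes_s)
        except ValueError:
            continue
        if src not in POS_NET or is_allowed(dst):
            continue  # not a POS host, or an expected destination
        entry = findings.setdefault((src_s, dst_s, port), {"flows": 0, "bytes": 0})
        entry["flows"] += 1
        entry["bytes"] += nbytes
    return findings

if __name__ == "__main__":
    for (src, dst, port), s in find_unexpected_egress(SAMPLE_LOG).items():
        print(f"ALERT {src} -> {dst}:{port} flows={s['flows']} bytes={s['bytes']}")
```

Aggregating by source, destination and port keeps repeated transfers to the same outside host in one alert, with the byte total showing how much data left the POS segment.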