Safety of point of sale systems

When consumers purchase services or goods from retail points, transactions are processed through what is referred to as a Point of Sale (POS) system. The system is made up of the hardware that captures the required information and the software that instructs the hardware on what to do with the captured information. When you use a debit or credit card at a point of sale system, the attached computer system or device collects and processes the information stored on the card’s magnetic strip. Data collected includes information associated with the actual account, such as cardholder account number and name, as well as credit card number and its expiration date.

The target

The insecurity of POS systems lies mainly in consumer data handling. Cyber criminals have always targeted this data and have devised numerous malicious means of acquiring it. In some cases, these perpetrators attach physical devices to the POS system, which then collect card data through a process referred to as skimming. Other cases involve delivering malware into the POS system, which later collects the desired card data as it passes through and sends it back to the criminal. In most cases, the data collected is used to create fraudulent debit and credit cards.

Some POS system devices also enable access to email services and the Internet. This means that a malicious mail attachment, website or link can be accessed and malware subsequently downloaded into the POS system without the end user knowing. Key loggers that record key strokes have also been used by cyber criminals, although this is not so common.

The impact

Several malware families have been used in attacks on point of sale systems, most of which locate specific data on the system using a memory scraping technique. Commonly used malware includes Dexter and Stardust, which extract information from Track 1 and Track 2 of the magnetic card or from internal network traffic. These two types of malware are often delivered into POS systems via malicious internal actors or through email phishing. Other vulnerabilities of a POS system include open wireless networks that offer POS system access, weak credentials, and physical access to the POS devices.

The design solution

Modern POS systems have been designed with these security risks in mind. They have been equipped with appropriate security applications that provide a secure network and end-to-end security to consumers. The POS system also combines complete transaction logging and online authorization to allow full monitoring of staff who manipulate cash and handle transactions at all levels. POS terminals are also designed in compliance with anti-money laundering rules. Many financial and non-financial institutions are therefore required to identify and report any transactions of a suspicious nature to their respective country's financial intelligence unit.

POS System Owner Best Practices

There are known best practices that owners and operators of POS systems can follow to increase the security of the system and cut off unauthorized access. These include:

Use strong, unique and complex passwords, and change them regularly.
Regularly update the POS software application to ensure that the system is running the latest application versions and patches.
Use antivirus to detect and restrict entry of malware and other malicious programs into the system.
Install a firewall to protect your POS system from external attack.
Disallow remote access to the point of sale system at all times.
Restrict access to the Internet to prevent staff from accidentally exposing the POS system to the many security threats available on the Internet.

Have you used POS systems in your business? Share your thoughts and experience.

Secure your accounts: use two factor authentication and avoid ransom demands

"Device hacked by Oleg Pliss. For unlock device, you need send voucher code by 100 usd/eur (Moneypack/Ukash/PaySafeCard) to [ email address withheld ] for unlock."

Many Apple device users woke up to find their accounts held to ransom. Today, I'm not going to focus on how to recover your devices or accounts, there's enough information around on this already... I'm going to look at how you can avoid it happening (again)...

Some cold hard realities to start with... in the last year, many major companies have reported potential compromises on their backend systems, raising concerns about the safety of customers' personal details, usernames AND passwords. Here are just two examples I can point to:

Recently, I received communications from Adobe insisting I change my passwords due to a potential compromise - not that they were compromised, they just weren't sure.
Not so long ago, Yahoo emailed me telling me to change my GOOGLE passwords because Yahoo had noticed unusual activities on their systems and knew that many of their customers used the same credentials on both networks.

Even going back to 2012 (yes, the dark ages in terms of Internet days), Wired reporter Mat Honan shared his harrowing experiences of having his iCloud and Twitter accounts compromised. This behaviour obviously isn't new.

How many of you think that having a strong password is sufficient to protect your account? How many of you use a different password / username pair for different accounts? What do you think makes a strong password?

The simple fact is that in today's online world a strong password is only marginally useful... with the right resources and time a hacker can guess the password or, worse yet, compromise the back end systems and CHANGE your password. When the majority of our life is held in online accounts (Google, Apple iCloud or others), why are we relying only on username and password combinations?

What can you do to protect your online accounts?

Use Two Factor Authentication, and if the organisation you're considering using doesn't provide it, look at another provider.

Two Factor Authentication is having two "things" that form your access code – as a younger woman in IT Security it was explained to me as "something you HAVE, and something you KNOW".

You KNOW your password. You HAVE a fingerprint.
You KNOW a PIN code. You HAVE a key that you turn in a lock.

Just possessing one of these things is not enough to get through the security safeguards – you need to have both to use together.

Two Factor Authentication exists in the online world and has done for a very long time. It's just not something that is encouraged generally in the consumer market because it adds a level of complexity to user support - which is something support organisations try to avoid (understandably).

Traditionally, Two Factor Authentication relied on the person trying to access a system having a separate device that produces a One Time Password. When a user tries to log in, they not only use their password; the end system also challenges them to enter the One Time Password that is displayed on the device they carry. Sometimes these little devices are called 'key fobs' because they are normally attached to the user's key ring to keep them safe.

In the online world, Two Factor Authentication is generally linked to your mobile phone or device. You need to have that device with you to access your accounts - whether that's on your computer, tablet or phone. Without having that device available, you will not be able to access your account. It is the simple fact that you need to have access to this device as well as knowing the account password that increases the security on your account.

Types of Two Factor Authentication

Two Factor Authentication can occur in a number of ways:

SMS - a code is sent via SMS to your phone
Phone Call - a code is sent through a phone call
Email - a code is sent through email
Hardware Token - the traditional hardware device that displays a one time password
Software Implementation - an app that runs on your device that displays a one time password

I have to say my mind boggles at getting a code via Email - unless you're 100% certain about your email account security, this feels like letting the wolf through the door. Just my thoughts on that.

Who Supports Two Factor Authentication?

Two Factor Auth (2FA) has a great list of which organisations support what type of Two Factor Authentication. It's a good reference.

It would appear that Apple uses its own Two Factor Authentication service which protects all your iDevices - this service was introduced in March 2013. You shouldn't just consider turning this service on, you should do it!

However, there are many companies that already support 2FA and thanks to the Electronic Frontier Foundation, here's how you can enable Two Factor Authentication on some of your accounts:

Google
Twitter
Facebook
Dropbox
Microsoft

Many of these services' authenticators are compatible with the Google Authenticator service, so you have one app on your device to manage all your logins.

Physical Device Security

Of course, once you put your two factor authentication on your device you need to be very conscious of the physical security of your device. Stay Smart Online (an Australian Government website) has some great tips around this:

Enable a password on your phone. Don't rely on the swipe codes, use a password
Add a pincode to your SIM
Set your device to automatically lock (of course, this saves the embarrassing butt dials as well)
Encrypt your data - check what your device offers on this
Turn off Bluetooth and Wifi if not in use
Turn off automatic Bluetooth discovery so your phone can't be found when in public
Check out the 'lost phone' type options provided by your carrier and phone manufacturer
Back up your data! If the worst happens, make sure you can recover quickly.

Account security is your responsibility - it's up to you to take every reasonable measure to protect your accounts against compromise.

Securing data in a moderate budget

Just a few years ago, the volume of data produced worldwide exceeded 1 zettabyte. This is equal to the amount of information needed to fill 57.5 billion 32GB Apple iPads or over 200 billion HD movies. According to a study, data volumes in the current decade will increase by 50 times, leading to a shortage of storage space for more than 60% of the data generated.

Generating new data is much cheaper today than before: the cost of storage and processing has decreased by 6 times since 2005. During the same period, budgets for IT have increased by one and a half times. By 2020, the number of data generating devices will increase by eight times, starting with smart phones and cameras with higher resolution and ending with different sensors and smart personal devices. Additional information is generated as a derivative of data that already exists; first of all these are backups, as well as logs and digital, audio and video archives.

The lack of affordable storage space is due to the fact that hardware Data Storage Systems (DSS) have evolved for a long time on the principle of faster, higher, stronger. DSS optimization has been customized for the needs of companies with large budgets, i.e. fast storage for virtualization, super fast storage for processing data in real time, and smart storage optimized for certain business applications.

A review of approaches to storing large amounts of data will not be complete without mentioning the solutions based on software but supplied to the market in the form of combined software and hardware sets (appliances). In some cases, this allows you to quickly deploy the solution and can be good for a not very large company with limited resources. However, the use of a predefined hardware configuration limits the ability to tune the system and, of course, sets higher threshold prices than for pure software solutions, which already include the hardware. And, of course, such an approach inherits many specific hardware DSS as part of upgrading a server.

It is clear that creating a commercial solution on the basis of open source is a complex and risky experiment. Only a large company or system integrator with sufficient expertise and resources to deal with difficulties in installation, integration, and open source code support can take it on and have sufficient commercial motivation to do so. The main motivation of commercial vendors is aimed at such high-budget areas as high-speed data storage systems for virtualization or parallel processing of data.

Affordable storage

The startups focused on providing cloud backup came closer to solving the problem of inexpensive and reliable storage. While some of them dropped out of the race, those who gambled on building cloud storage in their own data centers from standard components managed to gain a foothold in the market, and their cloud services have made the best progress. Even so, due to very high competition in their main market, they do not proactively promote their storage technology as an individual solution of the Software Defined Storage class: firstly, so as not to create competitors, and secondly, so as not to disperse their resources in completely different business directions.

As a result, DSS administrators responsible, inter alia, for storage of backups, logs, archives of video surveillance systems, TV shows and voice call records encounter a problem. On the one hand, there are convenient but costly solutions that, given a sufficient budget, are capable of solving current needs in the storage of 100-150 TB of data. It will be reliable and secure. However, once the DSS capacity exceeds the threshold of 150-200 TB of data, problems of further scalability occur, i.e. uniting all hardware into a single file system, freely reallocating the space, and upgrading hard discs with discs of larger capacity. Extra expenses emerge for migration, costly components and special software for 'DSS virtualization'. As a result, in terms of cost of ownership, such a system becomes with time far from the optimal one for 'cold data'.

Another option is as follows: composing a DSS on your own based on Linux and JBOD is possible, and it's good for a specialized company such as a hoster or telecom provider with experienced and qualified specialists who can assume responsibility for the workability and reliability of their own solutions.

An ordinary company of average or small size, with a principal business not related to data storage, most probably has no budget for expensive hardware and qualified specialists. An interesting option for such companies may be a software solution that allows you to quickly deploy a highly reliable and easily extendable DSS. The DSS runs on inexpensive typical mountings and drives that can be freely combined with each other and changed one by one on a 'hot system', increasing the space in arbitrary blocks from a few terabytes to tens or hundreds of terabytes, using essentially only the skills of PC assembly and an intuitive web interface for configuration and monitoring of the entire Data Storage System and its individual components and drives. This development is the result of a cloud storage for backups which has now expanded to multiple petabytes in three data centers.

According to a Forrester reporter, in 20% of companies backup volume has been increasing by 100TB per year, and the complexity of expanding DSS according to the needs of backups has become a problem for 42% of the companies. This data forces professionals to think about long-term planning of the DSS capacity that may be needed in their organization over several years.

Security in Mind: Important Considerations for Retail Small Businesses

Running a location-based retail store is not an easy task. Potential theft is one of the risks that makes this business operation much more difficult than e-commerce. This article analyzes the potential security risks retail entrepreneurs need to tackle and offers several solutions for each one of them.

Shoplifting

Shoplifting is the most common security problem for retailers, and although it is much less dangerous than armed robbery, it can cause significant losses, especially during busy shopping days. Big shopping holidays, like Black Friday, are the time when most of these mischiefs take place. While store staff are serving honest clients, shoplifters use the fuss to sneak out of the store unnoticed. Shoplifting can be prevented by caution and by security training that explains to employees how to recognize any type of suspicious behavior. The store’s layout should allow employees to see every corner and should eliminate blind spots. Most retailers decide to place a cash register near the exit, so each customer needs to pass next to it on their way out.

Employee theft

Statistics say that more than 60% of all thefts are committed by employees. Since they have access to the store’s warehouse and cash register, their fraudulent behavior can cause significant problems for shop owners. This type of theft also causes grief and dismay, and makes retail entrepreneurs distrustful even towards honest employees. Fortunately, there are many different ways a retailer can stop dishonest employees from stealing money and goods. There are several different types of employee theft, and for each one of them retailers can prescribe a unique set of prevention measures. These include:

Cash thefts from the register - to stop this kind of theft, retailers should carefully count the money, ask for receipts and conduct frequent cash register tests.
Employees damaging, drinking or munching products - employees should have frequent breaks and should be required to pay for all products that are missing.
Vendor collusion - this is a form of organized theft conducted by one or several employees and someone from the outside. It can be prevented by keeping all back doors locked and secured and by frequent stock checks.
Record falsification - all coupons and time cards should be checked on a daily basis to prevent employees from misusing expired discounts.

Armed robbery

Armed robbery is one of the most dangerous threats to a company’s and its employees’ well-being. Most people think that armed robbers usually target banks, post offices or stores that sell expensive merchandise (like jewelry). This misconception can easily turn a retailer into a target, especially if it causes them to neglect security. By investing in the store’s security, retailers decrease the chances that their store will get robbed. A retail store can be protected in several different ways. Installing various obstacles between the customer area and the cash register is one of them. NSW Roads & Traffic Authority employed an Australian company called Genesis that builds in various types of anti jump barriers, which can be bullet-proof, chemical resistant etc. Retailers can also hire an armed security guard or install a panic button alarm, which automatically contacts law enforcement while a robbery takes place.

Supplier theft

Many suppliers overcharge their business partners or deliver them fewer goods. To catch this type of behavior, retailers need to personally check every shipment and count delivered goods. If they don’t have time for this, a trusted employee should be assigned to this task. When these types of theft happen, retailers should give their supplier a chance to explain before ending future cooperation.

Store security is a very important criterion for running a successful retail business. As with all other business practices, it is always ‘better to be safe than sorry’, and the right mix of innovative security measures can prevent theft from happening and save retailers from losses and customers’ and employees’ claims.

Since when has email been anything but a broadcast medium?

We all use email, and in most cases we have had an email address for many years. My Hotmail (no longer called Hotmail) has been with me now since 1995, and my Google mail account has been around since 2000. Email has developed into the medium of choice, and an email can now be considered a legal document. We treat it as a vehicle for private correspondence. But one thing is constantly forgotten. Anything that uses the internet to transmit the written word is a broadcast medium—including email.

For some reason, we all have the implicit belief that whatever we write in an email is personal and confidential. We are quite happy to put a disclaimer on the bottom of our email, but this only protects us from the honest people. People in the legal and government space consider an email a legal document. Whatever is written between two parties is legal and binding. In the space where I work, I consider this incorrect. Before treating email as reliable or confidential, we need to ask ourselves three things.

Could it be someone else?

It is possible, even with low-level tools, to impersonate a person’s email address. We have seen it for the last 10 years. Spammers and virus writers use it to broadcast millions of emails all over the internet every day. These emails appear to come from your friend, when most of the time they are coming from the bad guys. If you have access to the domain space then it is even easier to impersonate other people. That is why these zone files are protected so heavily!

What can you do with your email?

In most cases there is no restriction on what you can do with an email. In a number of places, Microsoft’s Rights Management for instance, you can restrict an email to not being forwarded, copied or printed, but most of us are not concerned about that. Don't lose sight of how easy it is to share what you write. I can take a whole conversation—maybe 6 or 7 emails—and at any point BCC it to a colleague. If you were corresponding with me, you would never know it had happened—or who else was reading what you wrote.

Who else knows about it?

It may be in my best interest to protect my conversation with someone, but what happens when it's not? An email can be broadcast to a huge number of people with very little input from the person sending it out. Before hitting “send,” consider if there's anyone out there whom you wouldn't want to see an email's contents. An indiscreet missive can do a large amount of damage to a person’s reputation—or, even worse, your business's reputation.

We are becoming more and more lackadaisical in our attitude to personal communication. The younger generations do not consider their reputation as much as we older people do. In the old days, reputation, personal and business, was everything. If your reputation was tarnished, you better have a solution fast or you were destined for skid row. Today’s younger generation do not consider reputation important. If you're in your 20s or 30s, you may not consider threats to your reputation a serious danger. But think again. Thanks to instant communication, a few indiscreet words can do far more damage than they could when I was growing up.

What to do?

Fortunately, there's a fairly simple solution. By considering email a broadcast medium and being very aware of what you (or your correspondents) write, you protect yourself. If it is confidential, do not put it in an email, on a web page or in a social media comment. The world can see it and, in some cases, use it against you. If you want to keep it confidential, write a letter.

Technology Can Save an SME From Drowning

So you want to run a company but it's pretty much just you, or you and a couple of other people? You're probably trying to make everything happen all at once, and you certainly risk becoming stretched far too thin. There is, however, a vast array of tools and software that can be put to good use by entrepreneurs and SMEs to assist them in their work.

Ram Castillo of GiantThinkers.com explains that his company is run to the extent possible by himself alone, which is clearly not an easy feat. Hence what he calls his "conscious need to set up as many automated systems and remote based enablers as possible." For a small business the opportunities technology provides are immense, but making full use of them is not always possible. The use of automated systems like IFTTT provides the SME with assistance where it's most needed.

Expanding through innovation

The digital market obviously presents great opportunities to SMEs for expansion at a fraction of the cost that an IRL expansion might require. Castillo argues the technology enables his concept to be easily converted into a larger venture without the company having to compromise quality. The idea is to evolve the current business into new areas, including webinars, which have the potential for a networking experience.

"All can be delivered and consumed from a 1:1 standpoint and a 1:1000 standpoint without diluting a valuable experience."

Innovative staffing solutions

Where a large company might be in a much stronger position than a small business, however, is quite simply money. Hiring staff or interns is laborious, not to mention potentially expensive.

Technologies that enable people to work from a distance are a god-send to entrepreneurs who need work to be done but can’t afford to keep staff idling in the halls when there just isn't enough actual work to justify it. Software like Act! and Nimble makes it easier for SMEs to hire staff and manage a team in the most efficient way possible by combining web-based platforms with social media and CRM (customer relationship management).

GiantThinkers employs a team of freelancers who work regularly but are employed for projects. They include audio engineers, editors and others, in addition to an assistant who works part-time. A large company might just have these people on hand, but for an entrepreneur the funds for that are probably non-existent, or might be better spent elsewhere for the time being. The ingenuity of entrepreneurs is what enables them to compete with the giants of the business world. For people who work in fields where full-time work is hard to come by, and who instead work on a portfolio that serves as their business card, SMEs are a thriving job market, even if you often work by project rather than being on the payroll.

The advantage of being David, rather than Goliath

As a small business you can make use of innovation. An SME has the chance to create a company culture that derives its strength from its flexibility rather than trying to mimic what a larger business might do. The personality of the small business is imbued with an authenticity that is priceless.

Done is better than perfect

Technology will help you get your business up and running quickly, so that you don't lose out when it comes to making a place for yourself.

Castillo mentions looking to peers within the SME community for inspiration on how to run your business but warns against making constant comparisons. His advice is to "use what you have and what you know then do what you can with it. Improve as you go. Done is better than perfect."

The 10 things you must know before getting your website designed

When approaching web design for your small business, there are things you need to look for beyond who can create the prettiest site. You have to examine your company, its needs and its goals, and come up with a website design that's part of a comprehensive marketing plan. How do you do this? Here are 10 things you should know when approaching web design for your small business:

1. You Need a Vision

Before you begin talking with web designers about colors and fonts, you need to have a clear vision of where you want your business to go. And you have to know what you want your website to do to help you get there. This is where a good designer comes in. A good web designer will translate your vision into a website with impact.

2. Your Web Designer Must be Dedicated

The web designer you hire must be dedicated to your company and your goals. He has to be interested in your success, not just your dollars. As you speak with potential website designers, evaluate how well they listen to your and purpose. Choose a designer that wants to be your partner, not someone who churns out what he thinks every company needs.

3. A Website Has a Specific Purpose

As you approach website design, keep in mind that your site will serve a specific purpose. For some websites, the purpose will be connecting with potential clients. Other sites might focus on making a sale. Whatever it is you want your target audiences to do can only be accomplished if your website is designed specifically for this purpose. A good designer knows how to accomplish this task.

4. Your Website Must Stand Out

A big part of getting your website to stand out is arranging color, type, text, and graphics in a way that catches the eye. But it has to be easy on the eye, which means clean and not garish. Website designers know how to lure attention, and keep it, through fonts, spacing, photo placement, and other aspects of design. A good website designer can create a website that's attractive and compelling, without it being too brazen.

5. Your Website is a Reflection of You

As you think about what you'd like your website to look like and what it should do, remember that your site is an extension of your business. Everything about your website must reflect your business' values, personality, and ability to serve or sell.

6. Content is King

A good website needs good content. It needs informative, engaging, and quality headlines, articles, page content, and blog posts that teach people about your company and encourage them to find out more. Your website's content should also be pleasant to look at and keyword rich.

7. SEO is Mission Critical

If people can't find your website, it doesn't matter how good it looks or what content it has on it. As you approach web design, make sure your designer or another skilled professional can incorporate SEO (Search Engine Optimisation) best practices into your site so you show up in Google searches.

8. You Must Know Your Audience

You must have a keen awareness of who your target customer or client is, and what he or she needs. If you keep your audience in mind throughout your website's planning and design process, you'll be better able to tailor it to them. This will benefit you with more client and customer engagement, and more acquisitions and sales.

9. Navigation Should be Easy

When a visitor arrives on your website, he or she should be able to easily find important information. Your website's design must be structured to allow people to get from page to page in a simple manner. It has to have a logical navigation that won't frustrate, or distract, a potential client or customer.

10. Social Media Rules

When you're planning your website design, remember to integrate your social media feeds into the main page layout. Icons for Twitter, Facebook, Instagram, Pinterest, and other social media platforms should be prominently displayed on your website. This will help boost engagement on those pages and will let you keep in touch with your audience.

These 10 things to know when approaching web design can prove invaluable to the ultimate success of your business.

The importance of a great website for a new business

There are many reasons why having the perfect website for your business is so critically important. Here are just a few to consider.

• Well organised content greatly improves visitor flow

Good website design isn’t just about a really nice looking site. Yes, that is important too, but the layout of a website is important for other reasons. Research shows most website visitors allow about 15-20 seconds to find what they’re looking for. If your website layout is disjointed or illogical, or there are too many distractions on the page, you could lose a great number of potential customers who simply can’t be bothered putting in the effort to find what they need.

I have seen this in action many times. I have had clients approach me for a new website, complaining of a high “bounce rate” (visitors leaving without visiting another page) and visitors not spending long enough on their current site. The number 1 common trend I find is that the site has too much content and general clutter, or the navigation menu is poorly designed which is making it difficult to find the right content quickly. Often, the websites have great content, but it’s organised in a way that is too confusing or too daunting for the visitor. Designing a website with well organised content and navigation is critical.

• Reinforcement of your message

This is all too often overlooked. Most people get caught up in the fancy features of their website and fail to keep in mind where their traffic has originated from. For example, if you’ve printed a full page advertisement in the local newspaper featuring a great limited offer, and you’ve got the web address at the bottom of the ad, the website needs to continue on from where the press ad message left off. If your website barely resembles your other marketing material, you could be sending mixed messages, or losing the impact that you could achieve by having a consistent theme and message throughout.

If you do frequently advertise in print, or just offline in general, you need to consider that quite often your website may be the second point of contact, not the first. You may be closer than you think to closing a sale when they first load your website. If, when they load the site, they can’t find what they were hoping to find (for example that great limited offer), there’s a chance they’ll give up and look elsewhere since they are already online. This point is about keeping your website up to date and consistent with your other marketing material, and to do this you will need a website that is easy to update and maintain.

• Sexy websites sell

A really nice looking website will hold the attention of the visitor longer. That’s just how it is. People don’t like to look at bad design, cluttered websites and bad quality photography. Whether you’re a designer or not, everyone knows an ugly website when they see it. You want to encourage your website visitors to feel good, and this is achievable by carefully selecting the images, colour scheme, typefaces and even headlines. If you are struggling to create a website that is easy to look at, please, hire a designer. Even if your content is amazing and your products or services are top quality, if the design stinks, they will all go to waste.

• User friendly websites work better

Your website needs to be user-friendly. These days, with the rise in mobile and tablet users, this means you need a responsive website. A responsive website looks at the size of the device your visitor is using, and re-organises the design of the site to fit their screen as best as possible. It’s an absolute must. Aside from being responsive, you need to make sure that the visitor flow is logical and intuitive. Information needs to be easy to find, and there should be a call to action on most pages, not only on the “contact us” page. This relates to ease of use because you want to minimise the number of clicks a visitor needs to make contact.

All of these factors, as well as many others, should be considered when designing and developing your company’s website.
