Protect Firewalls are network security devices thatProtect Firewalls are network security devices that

Protect the POSUpdate POS software regularly. When it comes to updating POS software, the sooner the better. It is highly recommended that retailers update their POS when software updates become available. New types of attacks are manufactured by hackers every day. POS updates will include security patches that prevent the systems from falling victim to these new attacks. By installing POS updates on a regular basis, the information stored on POS networks will remain protected (Feinstein, 2017). Require the IT department to monitor the market for the release of new POS software. Hold the department responsible for installing the software on all POS systems within 1-2 weeks of the release date. If IT employees fail to implement the POS updates within the specified timeframe, they should be documented for violation of policy.Install firewalls and anti-virus software. It is important to have multi-layer security when protecting the POS system. Although firewalls and anti-virus software will not guarantee 100% POS protection against cyberattacks, they should still be used as a layer of protection against hackers and malware. Firewalls are network security devices that observe and control the network traffic entering and leaving the network, (Cisco, n.d.). Anti-virus software is used as a background check that searches computers, servers or devices in order to stop the spread of malicious programs (Rouse, Antivirus Software (antivirus program), 2017). Require the IT department to maintain firewalls and anti-virus software. Like POS software, firewalls and anti-virus software need to be updated on a regular basis. Hold the IT department accountable for updating the software and document any violations of policy. Use strong passwords. Require employees to use strong passwords for all computer applications and the POS systems. Strong passwords will include at least one uppercase letter, one lowercase letter, at least one number, at least one special character, and a minimum of six total characters. It is recommended that passwords be changed every 4 months to protect against a breach. If employees need to reset their password, IT must supply a temporary password that will need to be changed by the employee upon login to reflect the password requirements. In addition to the main password requirements, employees should be encouraged to choose passwords that do not contain full names, or the same number sequentially. This ensures that passwords are complex and more difficult for hackers to crack. Passwords should also be accompanied by security questions selected by the employee, and a CAPTCHA or reCAPTCHA to prove that the application is being accessed by a human and not a robot or computer.Denying Internet access from the POS. As convenient as it may be to access the internet when using the POS terminals, the restriction will offer another level of cyber protection. Accessing the internet on the POS will leave the system vulnerable threats like viruses and other malware (Feinstein, 2017). Retailers should only allow IT support to access the Internet on the POS if it is necessary to complete an authorized task. Any violations made by a member of IT or another department must be documented by Human Resources. Retailers are recommended to monitor all activity on the POS systems through exception-based reporting and Closed Circuit Television (CCTV). All it takes is one employee selecting a malware-infested website to sabotage a business’ success and destroy its reputation. Disable remote access. Hackers are becoming increasingly savvy when it comes to breaching POS systems through remote access. Although retailers may see it useful and convenient to allow IT employees to remote access into workstations when they are unavailable to make a physical appearance, by doing so they are placing the POS at risk of a breach. Remote access can provide hackers with the opportunity to gain access to networks, retrieve sensitive information about the business or customer database, and delete IT’s remote access to the POS network. Whitelisting. Another layer of protection that retailers should implement to protect POS systems is application whitelisting. Whitelisting determines which applications are allowed to run on a workstation.  It is an effective method of stopping unwelcome programs including viruses, malware programs, P2P file sharing, and prevent interruption of business operation (Rouse, Application Whitelisting, 2017). On the other hand, it can also prevent trusted applications that have not yet been added to the authorized application list.  It is important that the IT department update the list frequently to ensure no issues are encountered when accessing authorized applications. Users sometimes perceive whitelisting as a nuisance because they have to contact IT to approve an application before being to access it. This can be time-consuming if there are a lot of requests that need approval.Encryption and tokenization. When payment card information is in transit, encryption provides a good method of protection. Encryption can protect card numbers from hackers. In a retail setting, encryption can prove to be very useful when safeguarding customer payment card information. Tokenization provides protection of payment cards when they are in use or dormant.  Card numbers are replaced with an exclusive token ID during the checkout process. By using encryption, retailers can prevent customer card information from being stolen by hackers at a later date because the information is no longer available in their system. It is recommended that retailers employ both encryption and tokenization to protect all payment card information that passes through their POS systems. Implement an encryption method that encrypts card information during entry and only decrypts the information when once it arrives at the POS device.Physical security of devices. This method of POS protection may seem simplistic, but it is important nonetheless. By physically securing all POS systems including stationary devices and portable or mobile devices. It is recommended that retailers install cameras over stationary POS systems, these cameras can prove useful in the event of a law enforcement investigation or company investigation. It is also recommended that IT assign and keep records of employees who have access to portable or mobile devices. Any lost devices should be reported to the IT department immediately. Employees should also be documented for losing or damaging POS devices. If these devices land in the hands of a hacker, there is a good chance that the retailer will experience a cyberattack shortly after. Vulnerability testing. Testing POS systems can identify several cybersecurity factors. These factors include identifying points of attack, tactics used by the hackers, and detect vulnerabilities. The results of the testing will be analyzed and then be used to prevent future attacks on POS systems. Retailers are encouraged to hire security experts to conduct the POS penetration testing. The testing should include the following steps: plan a course of action, set a goal, gather available information on the POS system being tested, identify vulnerabilities, practice penetrating the system, and study the results. Retailers should require the IT department to work closely with the security experts. They should take notes on the POS penetration testing, and incorporate the findings in cyberattack prevention methods.Establish a POS policy. It can be difficult to determine how to protect a POS system without a policy to provide direction. These guidelines should be used to educate employees as to what is acceptable and unacceptable when conducting POS activities. It is recommended that POS policies include approved and restricted POS functions, such as whether or not employees can access the internet on the POS, policy requirements including assignment of mobile POS devices, POS processes, best practices, and consequences of violating POS policy. Require all employees to sign off on the policy, this sign off will serve as proof of receipt and acknowledgment of what is expected. The policy should be maintained and updated regularly, holding employees accountable for out of date can potentially cause issues for retailers. It is suggested that retailers consult the NIST framework when creating or updating a POS policy.Invest in training. More often than not people, specifically employees are the weakest link in the chain of security (Symantec Corporation, 2015). Every successful program relies heavily on employee training. Retailer businesses need to promote employee awareness and training programs on information security. A best practice is to cross-train employees in general IT security and personal IT security. Employees need to have a good understanding of security at the business and personal level in order to assist in the protection against cyberattacks. The Queens School of Business and by the Gallup Organization reported that detached employees used 37% more days off, had 49% more accidents, and made 60% more errors than employees who were actively engaged with their employer (Seppala & Cameron, 2015). The businesses that scored low on employee engagement, were 18% less productivity, 16% less lucrative, had 37% less potential for career growth, and 65% lower share price over a period of time (Seppala & Cameron, 2015). Employees who lack loyalty the business are usually more stressed and significantly contribute to the turnover rate through either termination or resignation. They look for opportunities outside of their current employer to fill the void in their work life. Neutralize third-party risk. Hackers are targeting the IT supply chain and partner network more frequently as a result of stronger network boundaries. Retail businesses need to evaluate the risk posed by third-party vendors. In order to neutralize third-party risk and because