The recent story of a massive malware attack that saw details of 167,000 credit cards stolen from POS payment terminals is a stark reminder of just how important robust POS security is.

The hack, which started as far back as February 2021 and continued unchecked until September 2022, could potentially land the perpetrators $3.3m.

In-store POS systems remain a prime target for hackers for two reasons. One is the simple fact that the payment data that flows through POS is a highly lucrative prize for cybercriminals. The other, sadly, is that POS systems are all too often a soft touch, with fraudsters happy to capitalize on poor security practices.

In this case, for example, hackers are understood to have scanned systems for poorly protected VNC and RDP network services (the layers that allow POS terminals and endpoints to communicate with one another), exploiting the weaknesses to gain full system access.

So what can businesses do to make sure their POS is not offering an open invite to hackers – and so protect their customers’ sensitive data? Here are our three top tips.

Run best-in-class antivirus software across your system

As with many hacks of this nature, one of the tools the cybercriminals used in this latest high-profile attack was a piece of malware known as a trojan. Once they had hacked their way into a system, they installed the trojan, which then sat there undetected for months on end quietly mining customers’ card details.

The most obvious way to combat this is to have antivirus software installed. Anti-malware platforms continually scan for threats, and the best examples will automatically delete any rogue software found on the system. But it’s important not to just install antivirus software and forget about it. You need to stay on top of updates and patches to make sure you are able to combat the latest threats.

Use end-to-end encryption

Hackers are after data. So while taking steps to combat the types of malware they use to steal data is effective, it’s also important to focus on ways to protect the data itself. This is what encryption does. In effect, encryption turns data into a code that is nigh-on impossible to break if you don’t have the right key. So even if a hacker could get to the credit card details being processed through your system, encryption means they cannot read or use them.

Establish secure network connections for your POS

As a business owner, you might think that having a single broadband connection for your business is enough. But this can be a major weakness, especially if you offer customers use of your WiFi.

If your WiFi is publicly available, it’s there for hackers to use as well as genuine customers. If that WiFi also connects to your business systems, it’s an easy way in. As a bare minimum, you should run separate networks for business-critical systems and any customer-facing WiFi. Ideally, you should consider protecting your POS further by connecting via a private cloud or SD-WAN.