By Glenn Bellomy, CPA, Partner, Practice Leader, Consumer Products Services Group
Retailers Beware and Be Smart:
TAKE MEASURES TO HELP PROTECT AGAINST
CYBERCRIME AND MINIMIZE YOUR EXPOSURE
Many retailers around the country have been feeling a little uneasy after the FBI released a report entitled, “Recent
Cyber Intrusion Events Directed Toward Retail Firms," warning everyone that cyber-attacks similar to the one
suffered by retail giant Target are likely to become more prevalent. With over 20 major retailer attacks in 2013, it is
even more important for retailers to increase their diligence and vigilance over their devices and servers as
hackers and diabolical tech geeks are becoming more sophisticated and skilled at getting what they want. While
retail has not been hit as often or as hard as banks, the recent successes will spur more hackers to attack “softer
targets” like retailers since it is proven that the retail can be lucrative.
Between November 27th and December 15th, 2013, the megachain store fell victim to a sophisticated hack that compromised the
data of tens of millions of customers. The attack was achieved by
use of “memory parsing” software that effectively reads point of
sale (POS) transaction data that is coming off the card and
temporarily stored in RAM prior to its encryption and forwarding for
processing. Target’s intrusion happened for about 19 days before
it was noticed and overall it compromised 40 million credit cards
and over 70 million personal details of customers. Similarly,
Neiman Marcus was also hit on 1.1 million credit cards by the same
type of malware.
Small-to-medium size businesses should heed the important advice
the FBI offers with regards to protecting the computers they use in
their back offices. The following points are shared via their website
(www.fbi.gov/scams-safety/computer_protect):
Keep Your Firewall Turned On: A firewall helps protect your
computer and devices from hackers who might try to gain access to
crash it, delete information, or even steal passwords or other
sensitive information. Software firewalls are widely recommended
for single computers. The software is prepackaged on some
withum.com
operating systems or can be purchased for individual computers.
For multiple networked computers, hardware routers typically
provide firewall protection.
Install or Update Your Antivirus Software: Antivirus software
is designed to prevent malicious software programs from
embedding on your computer. If it detects malicious code, like a
(Continued on page 2)
virus or a worm, it works to disarm or remove it. Viruses can
infect computers without users' knowledge. Most types of
antivirus software can be set up to update automatically.
Install or Update Your Antispyware Technology: Spyware is
just what it sounds like—software that is surreptitiously installed
on your computer to let others peer into your activities on the
computer. Some spyware collects information about you without
your consent or produces unwanted pop-up ads on your web
browser. Some operating systems offer free spyware protection,
and inexpensive software is readily available for download on the
Internet or at your local computer store. Be wary of ads on the
Internet offering downloadable antispyware—in some cases
these products may be fake and may actually contain spyware or
other malicious code. It's like buying groceries—shop where you
trust.
Keep Your Operating System Up to Date: Computer operating
systems are periodically updated to stay in tune with technology
requirements and to fix security holes. Be sure to install the
updates to ensure your computer has the latest protection.
Be Careful What You Download: Carelessly downloading email attachments can circumvent even the most vigilant anti-virus
software. Never open an e-mail attachment from someone you
don't know, and be wary of forwarded attachments from people
you do know. They may have unwittingly advanced malicious
code.
Turn Off Your Computer: With the growth of high-speed
Internet connections, many opt to leave their computers on and
ready for action. The downside is that being "always on" renders
computers more susceptible. Beyond firewall protection, which is
designed to fend off unwanted attacks, turning the computer off
effectively severs an attacker's connection—be it spyware or a
botnet that employs your computer's resources to reach out to
other unwitting users.
For more information on Internet schemes and how to protect
yourself online, see the following areas:
■
■
■
■
■
FBI Cyber Crimes Stories
New E-Scams and Warnings
Botnets and Hackers and Spam (Oh My!)
FBI Cyber Investigations
File an Internet Crime Complaint
withum.com
Heeding the following recommendations may also help in
keeping your retail business more secure from cybercrime:
Be careful to whom and where you outsource tech support, with
special attention to countries where U.S. laws and requirements
cannot be readily enforced. When in doubt, choose to remain
onshore instead of offshoring your key IT functions.
Be mindful that the software update push you receive is from a
valid, trusted source. Without validation, you can inadvertently
corrupt your business’ entire IT security process. Be diligent in
checking source code and new security patches before loading
to all POS devices.
You may also want to consider cyber-insurance to protect
against financial losses due to a breach. While Target and other
large retailers have insurance to cover credit monitoring and
other related expenses, many small-to-medium sized retailers do
not have adequate coverage. Check with your current insurance
carrier to ensure you have some level of coverage for
cybercrime. If not, there are several great companies that offer
coverage which can be scaled to your needs.
If you are hacked, report the cyber-intrusion to the FBI CyberSecurity Office ASAP, via their reporting address:
http://www.ic3.gov/default.aspx
If you have any questions of concerns regarding this article,
please contact:
Glenn Bellomy, CPA, Partner, Practice Leader
Consumer Product Services and Entertainment Services
732.842.3113 ■ [email protected]