Whether online or in the “physical” world, the strength of security measures should depend on the importance of the items they safeguard. You can apply this principle when establishing network security in your store or restaurant to protect data and address PCI DSS requirements.
You probably store cash in a safe to protect it from theft, while you might not worry about leaving toothpicks or menu handouts on the counter or in an unlocked box. Placing items of low value into a theft-resistant container would make them hard to access, erecting unnecessary barriers that do not strengthen security in a meaningful way.
Similarly, when protecting computer systems in your store or restaurant, it makes sense to apply different security measures depending on the sensitivity of the data they process. Your POS systems process very important data that is attractive to criminals and that needs to be closely guarded. Implementing the appropriate PCI DSS security measures to protect your POS makes it impractical to use it for non-POS purposes, such as managing other aspects of your business.
To protect cardholder data, separate your POS network from the other systems in your store or restaurant. This allows you to focus on securing the POS environment with critical safety measures such as very tight firewall restrictions, timely security updates, up-to-date antivirus, log management, and so on. By placing other systems, such as your manager PC or DVR, on a separate network, you can apply less restrictive security measures to these non-POS components in a manner appropriate for your business.
Another advantage of segmenting your network has to do with containing the effects of an infected system on your business operations. Should your non-POS network get breached, the attacker or malicious software will be restricted from accessing your critical POS environment, helping protect you and your customers from the repercussions of stolen cardholder data.
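As an added illustration (not part of the original post or of any NCR product), the sketch below checks a firewall rule list for flows that can still reach the POS enclave from the non-POS segment under first-match evaluation. The subnets, ports, and rule sets are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed layout (an assumption, not taken from the article).
POS_NET = "10.10.10.0/28"      # POS terminals
OFFICE_NET = "10.10.20.0/28"   # manager PC, DVR
PORTS = (22, 445, 3389, 5900)  # constructed sample of remote-access service ports

# Constructed rule sets: (action, source, destination, port or None for any port).
FLAT = [("allow", "10.10.0.0/16", "10.10.0.0/16", None)]
SEGMENTED = [
    ("allow", "10.10.10.0/28", "0.0.0.0/0", 443),      # POS out to the payment processor
    ("deny", "10.10.20.0/28", "10.10.10.0/28", None),  # non-POS may not reach POS
    ("allow", "10.10.20.0/28", "0.0.0.0/0", None),     # non-POS general access
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),          # explicit default deny
]
# Same rules with the deny placed too late: the broad allow shadows it.
MISORDERED = [SEGMENTED[0], SEGMENTED[2], SEGMENTED[1], SEGMENTED[3]]

def compile_rules(rules):
    """Parse the textual networks once so matching is cheap."""
    return [(a, ipaddress.ip_network(s), ipaddress.ip_network(d), p)
            for a, s, d, p in rules]

def first_match(rules, src, dst, port, default="deny"):
    """Return (action, rule index); index is None when the default applies."""
    for i, (action, s_net, d_net, r_port) in enumerate(rules):
        if src in s_net and dst in d_net and r_port in (None, port):
            return action, i
    return default, None

def segmentation_gaps(rules, src_net, dst_net, ports, default="deny"):
    """Count allowed src_net -> dst_net flows, keyed by the rule that allowed them."""
    compiled = compile_rules(rules)
    gaps = Counter()
    for src in ipaddress.ip_network(src_net).hosts():
        for dst in ipaddress.ip_network(dst_net).hosts():
            for port in ports:
                action, idx = first_match(compiled, src, dst, port, default)
                if action == "allow":
                    gaps[idx] += 1
    return dict(gaps)

if __name__ == "__main__":
    for name, rules in (("flat", FLAT), ("segmented", SEGMENTED), ("misordered", MISORDERED)):
        print(name, segmentation_gaps(rules, OFFICE_NET, POS_NET, PORTS))
```

An empty result means no probed flow crosses from the non-POS segment into the POS enclave; a non-empty result names the rule index to fix.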
Is the network in your store or restaurant segmented? If not, it is time to create an enclave for your POS systems. NCR Network and Security Services can help with putting the right security measures in place.
Written by: Lenny Zeltser, Director, Product Management at NCR Corporation
Lenny Zeltser is a seasoned business leader with extensive experience in information technology and security. As a product management director at NCR, he focuses on safeguarding IT environments of small and midsize businesses worldwide. Lenny frequently speaks on security and related business topics at conferences and industry events, writes articles, and has co-authored books on forensics, network security and malicious software. He is one of the few individuals in the world who’ve earned the highly regarded GIAC Security Expert (GSE) designation. Lenny has an MBA degree from MIT Sloan and a Computer Science degree from the University of Pennsylvania.
The post Segment Your Network to Protect Data and Avoid Inconvenience appeared first on NCR Hospitality Blog.