Adding to earlier RSA Conference 2015 discussions on weak point-of-sale (POS) system security, Sean Mason, vice president of Incident Response with Syntricate, provided some tips for organizations - notably smaller businesses - on how best to manage their payment systems.
Do not use remote desktop software, Mason said, adding that services such as LogMeIn should only be used with two-factor authentication enabled. He explained more than once that POS systems - many of which are “really just a Windows machine” - should never be used for checking email or watching YouTube videos.
Point-to-point encryption (P2PE) is a must - businesses should be using encrypting peripherals, and keyed-in card data and EMV transactions should also be encrypted, Mason said, explaining that decryption should take place at the merchant's processor rather than on the POS itself.
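To make the P2PE point concrete, here is an added Go sketch (not code from the article, from Mason or from any vendor) of the data flow he describes: the reading peripheral encrypts card data under a key the POS does not hold, the POS forwards an opaque record plus a masked PAN for the receipt, and only the processor decrypts and validates. AES-256-GCM, the "PAN|expiry" record layout, the entry-mode label used as associated data, the fixed demo key and the 4111111111111111 test PAN are all assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// demoKey stands in for a key injected into the reader and held by the
// processor. The POS never sees it. (Constructed for this example.)
var demoKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes = AES-256

// EncryptedCard is everything the peripheral hands to the POS: ciphertext and
// a masked PAN a receipt needs. Nothing in it lets the POS recover the PAN.
type EncryptedCard struct {
	Entry      string // "swipe", "emv" or "keyed" (assumed label, bound as AEAD data)
	MaskedPAN  string // first 6 + last 4
	Nonce      []byte
	Ciphertext []byte // AES-GCM over "PAN|expiry"
}

// Peripheral models the encrypting reader (swipe, chip or PIN-pad keyed entry).
type Peripheral struct{ key []byte }

// Processor models the merchant's payment processor, the only decrypting party.
type Processor struct{ key []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func maskPAN(pan string) string {
	if len(pan) < 10 {
		return strings.Repeat("*", len(pan))
	}
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:]
}

// Capture encrypts inside the peripheral. The entry mode is authenticated as
// additional data, so a swiped record cannot be replayed as a keyed-in sale.
func (p Peripheral) Capture(entry, pan, expiry string) (EncryptedCard, error) {
	gcm, err := newGCM(p.key)
	if err != nil {
		return EncryptedCard{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return EncryptedCard{}, err
	}
	ct := gcm.Seal(nil, nonce, []byte(pan+"|"+expiry), []byte(entry))
	return EncryptedCard{Entry: entry, MaskedPAN: maskPAN(pan), Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt runs at the processor: authenticate, then sanity-check the PAN.
func (pr Processor) Decrypt(c EncryptedCard) (pan, expiry string, err error) {
	gcm, err := newGCM(pr.key)
	if err != nil {
		return "", "", err
	}
	pt, err := gcm.Open(nil, c.Nonce, c.Ciphertext, []byte(c.Entry))
	if err != nil {
		return "", "", errors.New("authentication failed: tampered record, relabelled entry mode or wrong key")
	}
	parts := strings.SplitN(string(pt), "|", 2)
	if len(parts) != 2 {
		return "", "", errors.New("malformed plaintext")
	}
	if !luhnValid(parts[0]) {
		return "", "", errors.New("PAN fails Luhn check")
	}
	return parts[0], parts[1], nil
}

// luhnValid is the standard mod-10 check applied to a PAN.
func luhnValid(pan string) bool {
	sum, double := 0, false
	for i := len(pan) - 1; i >= 0; i-- {
		d := int(pan[i] - '0')
		if d < 0 || d > 9 {
			return false
		}
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return len(pan) >= 12 && sum%10 == 0
}

// POSContainsPAN is the check a tester runs against what the POS handled
// (memory, logs, network capture): does the full PAN appear anywhere in it?
func POSContainsPAN(c EncryptedCard, pan string) bool {
	seen := c.Entry + c.MaskedPAN + hex.EncodeToString(c.Nonce) +
		hex.EncodeToString(c.Ciphertext) + string(c.Nonce) + string(c.Ciphertext)
	return strings.Contains(seen, pan)
}

func main() {
	reader, proc := Peripheral{key: demoKey}, Processor{key: demoKey}
	rec, _ := reader.Capture("emv", "4111111111111111", "1227") // test PAN, constructed
	fmt.Println("POS holds full PAN:", POSContainsPAN(rec, "4111111111111111"), "receipt shows", rec.MaskedPAN)
	pan, exp, err := proc.Decrypt(rec)
	fmt.Println("processor:", pan, exp, err)
}
```

The POS code path only ever moves `EncryptedCard` records, which is why a compromised Windows POS (the "really just a Windows machine" Mason warns about) yields nothing usable to a memory scraper under this design.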
Larger organizations should know their networks, investigate any alerts, and protect and monitor privileged credentials, Mason added.