Cybersecurity Tips For Small Businesses – Part II

5 additional security tips from the Federal Communications Commission (FCC) on how small businesses can improve their cyber security to protect themselves, their customers and their data from growing cyber threats. These – along with the 5 tips I wrote about a few days ago – will go a long way in making sure your business is a safe and secure place for your customers to shop.

Companies involved in finding and removing new malware and spyware are pointing out that, as these threats become more common and big businesses become more adept at protecting themselves, small businesses are increasingly being targeted. So it’s becoming extremely important that you read and start implementing these security measures if you haven’t already done so.

Control physical access to your computers and network components
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft, so make sure they are locked up and stored when unattended.

Secure your WiFi networks
If you have a WiFi network for your workplace, make sure it is secure and hidden. To hide your WiFi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). In addition, make sure to turn on the encryption so that passwords are required for access. Lastly, it is critical to change the administrative password that was on the device when it was first purchased.

Require individual user accounts for every employee
Set up a separate account for each individual and require that strong passwords are used for each account. Administrative privileges should only be given to trusted IT staff and key personnel.

Limit employee access to data and information, and limit authority to install software
Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need to perform their jobs, and should never be able to install any software without permission. (nd note: it should be never – no exceptions)

Regularly change passwords
Passwords that stay the same will, over time, be shared and become common knowledge to co-workers. This makes them easy to "hack". Passwords should be changed at least every three months. (nd note: this should be an enforced requirement!)

Now for some good news
CCS – as a full service integrator – has staff who can set up any or all security features for you if you want help.

Much of the FCC list consists of steps that are required by the major credit card processing companies. If you process credit cards and are not compliant with the processors’ security requirements, you are subject to large fines if your system is compromised.
 
More good news
CCS can also supply top-notch retail software that is PCI certified by the major processors. That software is called CounterPoint SQL. If you use CP SQL and keep its security features current, you’ll have one less worry from the hackers out there!

Talk to you soon  ~Norma

“Flash Robs”

Flash Robs – Group Theft Attacks!

Social media has changed our way of life. "Flash Mobs" – the impromptu gatherings of participants, from dances in shopping malls to uprisings in the Middle East – have become a way of life. Now law enforcement officials are warning of a new trend: "Flash Robs".

They are saying retailers this holiday season need to protect themselves against a new group of unwanted visitors: swarms of teenagers and young adults who plot via Twitter, phone text and Facebook to descend on stores and steal merchandise and money. According to the NFR, in some cases injuries have resulted from the size of the crowds. While most attacks have been on department stores and big-box chains, they recommend that the small retailer have a plan to keep this from happening to them.

Some recommendations are:

  • Avoid putting merchandise by the door
  • Position workers near key areas of the store and valuable merchandise
  • Keep good visibility throughout the store
  • Stock only what is needed on the floor
  • Maintain low levels of cash

So, a new but scary phenomenon. CounterPoint can help you stay on top of your store’s inventory and cash flow in many ways. The newest one is SmartAlerts, which will email or text you warnings to help you know what is happening in your store without always being there. Two that come to mind are notifications of low stock on premium inventory and when cash in drawer has gone over a set level. Helping you keep a tighter control during the holidays goes directly to your bottom line. So if you happen to be hit by a "Flash Rob", or just the normal issues that come up during your busy season, CounterPoint can help you be prepared.

Call us to see how SmartAlerts can help you.   800-672-4806 or email sales@ccscentral.com.

Someone Was Just Trying To Help

I recently took a call from a customer complaining of slowness on their front registers, which had been replaced with brand new equipment a few weeks prior. After the initial install, the users were impressed with the difference in speed compared to their old registers. The problem they were describing pointed to what sounded like a network issue. I checked all network connections and tested all cabling, and they tested OK. I also checked some of the "under the hood" settings within the application and Windows to be sure nothing was set incorrectly from the factory. I could find nothing that would cause the slowdown, so an on-site visit was recommended.

Once on-site, I started my process of elimination. I isolated the network to just the Server and Workstations, replacing existing equipment like switches and routers with known good equipment, and the problem still existed. Remembering similar problems from another customer’s site, I decided to check some of the device settings that control how and what devices are being used, also remembering that incorrect settings within the Device setup can cause strange behavior (slowness being one of those strange behaviors).

After checking and double checking the devices, something finally stood out. A slow serial device was set to be used as a Customer Display, a Pin Pad, and a Payment Display. Under normal setup conditions only the Pin Pad and Payment Display should have been configured, but in this case the Customer Display was set up also. With this device being serial and a Pin Pad to boot, the communication settings are set very low to eliminate any data errors when sending information to the bank. This also means that every time an item is scanned, or a user logs into the ticket screen, the system is going to try to send Customer Display information to the device also, hence the slowness at the register.

In the matter of a few seconds, removing this configuration from the setup made a night and day difference in how the register performed.  "It was like new equipment was installed all over again", I heard one of the users claim. 

But what really happened was that a savvy enough user was just trying to help and reconfigured the device setup without knowing exactly the consequences his or her help might cause. In most any other case this probably would not have had such an impact on performance, but because the device is set at such a slow speed, it made all the difference in the world. If CCS had had this information, this could have been a 15 minute call, but it turned into a 2hr support call.

Remember, we are not here to get people in trouble, or to place blame. We want to help you as quickly as possible. That is why we ask for ALL information pertaining to the problem. Whether a new employee pushes a wrong button or someone prints a 40 page report to a receipt printer by mistake, everything helps.

If you have any questions or concerns, call the CCS Retail Support Department at 800.672.4806 or email us

-Bryan

Can there be too much security?

The importance of having adequate security on your computer systems can not be stressed too much.

Without adequate security, your systems are vulnerable to viruses, remote attacks, and other similar abuses.  Having said that, it is possible to have too much security.  When that happens, it can interfere with your ability to do your normal work, or receive the support that you need.

Having more than one anti-virus package will lead to problems.  While it is important to have good anti virus software, having more than one type of anti virus software usually causes them to interfere with each other.  What usually happens, is that each anti-virus package detects the others as an infection, and tries to heal the infection.  The result is that all the packages end up being crippled, and you are left with no anti-virus protection at all.

Having too many firewalls can give similar results.  With two, or more, firewalls, there is a great risk that they will end up blocking each other.  This could lead to a complete shutdown of your network.  At the very least, it means a large headache trying to determine where network traffic is being blocked.

Policies and procedures can get in the way, too.  Just the other day, I had a request to populate the field in one SQL table, with data from a second table.  A simple one line SQL command.  I spent nearly an hour contacting different people in the customer’s IT department.  Each one had to get the explanation of what the change was, who authorized it, and so on.  When I finally was given access, and was able to run the SQL command, it was all over in under a minute.

As important as your system security is, these are just a few examples of how it is possible to go too far. What you choose to address your security has to be well thought out, and planned, to achieve the desired results. It should also be evaluated periodically, not only to make sure it is adequate and current, but also to make sure that it is not becoming its own worst enemy.

Contact CCS Retail to arrange for our Risk Assessment Audit and PCI-DSS compliance review.

Why Use A Sledgehammer When A Feather duster Will do?

Recently, a new system administrator called in about a problem that his organization was having related to automated overnight processing operations hanging. Credit cards weren’t settling and their daily sales were not posting. This was later determined to be primarily due to a script that their previous MIS person had set up to "Kill" open user processes. These processes belonged to users who were not logging out of their Point of Sale software before leaving for the day. This specific script used embedded commands that were too forceful, and it was actually corrupting some of their data and corresponding index files. What was being done was tantamount to using a Sledgehammer to do a job that a Feather duster would have been more than adequate for.

This reminds me of another parallel story that a friend once told me…

As a youngster, this individual used to go Squirrel and Rabbit hunting in the woods with his younger brother. Normally they took along air rifles or one of their father’s .22 caliber rifles. It wasn’t unusual for them to come back with at least a little something for the family stew pot.

However, early one day, the eldest boy, going to the tool shed to gather their rifles, noticed that his father had taken out his favorite Deer Rifle for cleaning. This was a 12 gauge, heavy barreled, rifled, slug gun. "Hey, let’s take that!", he exclaimed. Grabbing the gun and a box of shells, both of the now grinning boys trotted off to the nearby forest.

Later that day as the boys came back from the hunt, they quietly put away the rifles. Head hung low, with nothing for the dinner table, the older boy quietly shuffled over to his father, who was on the porch fixing Grandma’s Rocking Chair. He said rather quietly, "Well Dad, I guess that I learned a valuable lesson today…", then paused with a big sigh. His father briefly stopped working, and looked up… "What’s that, son?" he asked. "Well, I guess that it doesn’t make sense to hunt Squirrels and Rabbits with a Deer Rifle," adding, "My shoulder is really sore too…" Upon hearing this, the younger brother chirped in with… "Yeah, and there ain’t much left of them when you nail em with a 12 gauge!".
 
So… It is generally not recommended that one use a Sledgehammer (or a 12 gauge) on something when another tool or option would have been more appropriate.

If you are wondering about the status of any automated processes that are running on your systems, please contact the CCS Retail Systems Support Department to schedule a review.
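
A "feather duster" version of the overnight cleanup described above, as an added example (not the customer's script or CCS code). It assumes a POSIX shell and that the Point of Sale process shuts down cleanly on SIGTERM; `stop_gently` is a hypothetical name.

```shell
#!/bin/sh
# Added example: end a leftover user session without forcing it.
# Assumption: the application closes its data and index files on SIGTERM.

# stop_gently PID [GRACE_SECONDS]
# returns 0 = process exited after SIGTERM
#         1 = no such process (or no permission to signal it)
#         2 = still running after the grace period; left alone, not killed
stop_gently() {
    pid=$1
    grace=${2:-30}

    # kill -0 delivers no signal; it only tests that the process exists.
    kill -0 "$pid" 2>/dev/null || return 1

    # SIGTERM asks the program to finish its writes and exit by itself.
    kill -TERM "$pid" 2>/dev/null || return 1

    waited=0
    while [ "$waited" -lt "$grace" ]; do
        kill -0 "$pid" 2>/dev/null || return 0
        sleep 1
        waited=$((waited + 1))
    done
    kill -0 "$pid" 2>/dev/null || return 0

    # No escalation to SIGKILL: a process cut off in the middle of a write
    # is what damages data and index files. Report it for a person to check.
    echo "PID $pid still running after ${grace}s; skipped, needs review" >&2
    return 2
}
```

A nightly job can call `stop_gently` for each leftover session and hold settlement and posting until every call has returned 0.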

 

Cybersecurity Tips For Small Businesses – Part I

The Federal Communications Commission has published cybersecurity tips that should be a must read  for every small business owner.

Broadband and information technology are powerful factors in small businesses reaching new markets and increasing their productivity and efficiency.

However, businesses need cybersecurity tools and tactics to protect themselves, their customers and their data from growing cyber threats. Below are some key cybersecurity tips that will help you protect your business.

Train employees in security principles
– Establish basic security practices to protect sensitive information.
– Stress these practices to all employees on a regular basis.
Give each employee a list of rules you expect them to follow for handling customer information and other vital data.
Spell out the penalties for violating these rules.

Protect information, computers and networks from viruses, spyware and other malicious code
Install, use and regularly update anti-virus and anti-spyware on every computer used in your business.
– Pick software that has regular security updates. You may have to pay a yearly update fee – It’s worth it.
– Set the software to automatically check for and install these security updates at a time you specify.
– Additionally, set the software to scan your system completely after these new updates are installed.

Provide firewall security for your Internet connection
– Firewalls prevent outsiders from accessing data on a private network.
– For companies that allow employees to work from home, make sure their home computers have firewalls set.
Caution: You may have business or retail software that requires Internet access. In this situation, have a tech
   configure your firewall to allow this limited access.

Download/install software updates for your operating systems and applications as they’re available
– Vendors regularly provide patches and updates to their products to correct security problems and add features.
– Configure all software to notify you when updates are available.
– You can also set the software to automatically install the updates. Approach this with caution. It’s often better
   to check what’s been included in the latest update before installing it.

Make backup copies of important business data and information
– Regularly back up the data on all systems used in your business.
– Include financial files, human resources files, databases, accounting files, spreadsheets, word documents.
– At a minimum, do a data backup daily and a complete system backup weekly.
Store a copy of the backups off-site. Besides cybersecurity reasons, you’re protecting yourself from other
  catastrophes such as fire and flood, to name two.

Check back soon for Part II in what you can do to protect your business against cyberattacks.

Talk to you soon.  ~Norma

A New Kind of Advertising on the Horizon

3-D Mobile Ads

As smartphones and mobile devices continue to proliferate in the market scene, 3-D advertising is becoming a replacement for the standard banner ad.  Just think—in the palm of your hand you will see images that make you feel as though you have jumped right into the picture!  What a marvelous way to show your products to their best advantage to your potential customers!

Already touch technology allows a user to move around the screen on a mobile device.  Predicted improvements in 3-D advertising will aim at in-depth interactivity made possible by the use of 3-D glasses, much like those used in the past for 3-D movies.  Instead of just looking at a flat picture of a product, customers will be able to see it from all angles, just as though they were in the screen, walking around on all sides!  Just imagine what that could do for your sales!

Don’t be left behind.  CounterPoint’s CPMobile will allow you to get started toward pulling in sales from people on the move.  Call us now at 800-672-4806 for more information or email us.   

Why Buying An Email List Is Bad

Using Purchased Mailing Lists
 

Most business owners have good intentions when they purchase an email list. They’re often eager to grow their business and feel these lists will help them grow faster. But beware! There are companies out there looking for people new to email marketing and they promise to deliver lists that are "cleaned", "subscribed/opted in", "verified" and "targeted". The truth is, sending email to a purchased list has consequences. Here are some you might not be aware of:

ISPs (Internet Service Providers) may blacklist/block email coming from your email address.
ISPs can choose to blacklist/block your "from" email address due to a high number of invalid email addresses. Once an ISP blocks you, even contacts with valid email addresses will be blocked for that particular ISP. There’s also the possibility that one of the email addresses you purchased is a "spam trap". This means that anyone sending email to that specific address will be blacklisted/blocked because they sent email to a "spam trap" address.

Purchased Lists increase the chance of your email being marked as spam.
Recipients from a purchased list may mark your email as spam because they never subscribed to receive your business newsletter. If a large number of contacts marks your email as spam, that can also cause your "from" address to be blacklisted/blocked.

Purchased lists may keep you from sending email to contacts who actually subscribe/opt-in to receive your newsletter
Once an ISP blacklists/blocks your "from" address, even contacts with valid email addresses for that particular ISP will be blocked.

All of the above can cause your business to have a negative reputation within email marketing.

So before purchasing a list, think twice about the consequences. It may take longer but will be much safer – and produce better responses – if you take the time to build your own list. If you have an on-line store or WEB site, give anyone who visits your site the option to receive email from you. If you don’t have an on-line store or WEB site, you can still have a sign-up sheet at your register(s). Be creative. Use a sign that says something like "Be the first to hear about our upcoming sales".  Use something that will draw your customers’ attention and will make them want  to sign up.

Talk to you soon  ~Norma

Photos of Dead Gaddafi Spreading Malware

Former Libyan dictator Moammar Gaddafi’s death has hit the headlines everywhere, as have a variety of graphic images and video of his capture and execution, making their way into our RSS reader feeds, social network timelines and email inboxes. With the end of a 42 year tyranny, many of course are elated, and are sharing the news as widely as they can.

According to computer and Internet software protection firm Sophos, the rapid spread of the news of Gaddafi’s summary execution has opened the door for hackers to blanket the Web with their own version of the event, along with a nasty, hidden surprise.

http://technorati.com/technology/it/article/virus-alert-photos-of-dead-gaddafi/